UL NO. 450: Thoughts on o1-preview and the Path to AGI 1

UL NO. 450: Thoughts on o1-preview and the Path to AGI 2

SECURITY |
AI |
PURPOSE
UNSUPERVISED LEARNING
is a newsletter about how to securely compete and thrive in a world full
of AI.
It’s original analysis, mental models, frameworks, and tooling to help
you build a meaningful career that survives what’s coming for us.

NOTES

Hey there!

SwiftOnSecurity
@SwiftOnSecurity

When @CISAgov makes you release a patch for your
end-of-life product because the vulnerability is so bad

3:07 PM • Sep 16, 2024

186 Likes
10 Retweets

6 Replies

Fabric now supports OpenAI’s new model, o1-preview. Just
update and use the new -r flag, which sends requests using
User rather than System, and without a
Temperature parameter.
TRY IT
An insane cookbook use case for o1-preview, where it’s used
to do data validation on synthetic data.
MORE
I’m back to kickboxing today! Hopefully I’ll suck less this time. I’m
expecting to improve rapidly once I get settled in, but man—that first session was rough.

It’s LinkedIn Season!
Connect with me on LinkedIn, and
I’ll follow you back!
CONNECT

MY WORK

Last Week’s Comments on Current AI Advances
If you’re following
the progress of AI, I highly recommend listening to last week’s podcast. I
did a whole bunch of coverage of the current state of things, my thoughts on
o1-preview, the path to AGI, and a bunch of other stuff.
LISTEN NOW

The Art Quality Tier List
I think I finally figured out what Art
is. This piece is a definition, discussion, rating system, and even a
methodology for enjoying art. For a beginner, anyway.
READ IT

The Art Quality Tier List (AQTL)

One model for thinking about, rating, and experiencing art

danielmiessler.com/p/art-quality-tier-list-aqtl

SECURITY

The US is evidently heavily reliant on Chinese cranes, particularly from
Shanghai Zhenhua Heavy Industries (ZPMC). This report says ZPMC, a company
owned by the PRC, dominates 80% of the US’s ship-to-shore cranes,
raising concerns about potential backdoors and remote access.
MORE

💡80%? Jesus. I thought it was going to be like 25%, or 50%.

Like I can honestly imagine a war room where we have a kinetic conflict
with China and they’re reviewing all the different ways to disable our
economy. Terrifying. I can only hope there are people looking at
this.

Fortinet has confirmed a data breach after a hacker, going by the name
“Fortibitch,” claimed to have stolen 440GB of files from their Microsoft
Sharepoint server. Fortinet refused to pay a ransom and has notified
affected customers.
MORE

GitLab released critical updates to fix multiple vulnerabilities, with the
most severe (CVE-2024-6678) allowing attackers to trigger pipelines as
arbitrary users. This vulnerability, with a severity score of 9.9, can
enable remote exploitation with minimal user interaction and low privileges.
MORE

The Lazarus Group (NK), have been targeting Python developers with malware
disguised as coding tests for about a year now. These attacks involve
maliciously duplicated open-source Python tools and “coding tests” that
trick users into installing malware hidden with Base64 encoding, allowing
remote execution.
MORE

Sponsor

Get the Most From Your Security Team’s Email Alert Budget

Relying on built-in controls or traditional blockers leads to more noise
than your incident response team can handle.

Material Security takes a pragmatic approach to email security – stopping new flavors of phishing attacks
before reaching the user’s mailbox, while searching for similar messages
in a campaign. Highest-value cases are surfaced with all the context and
reach consolidated into a single view.

Here’s what security teams have said:

“The response time is now just 3-4 minutes instead of 45. We don’t
have to manually respond to the follow-on reports and all employees are already protected automatically
by the initial report. Our whole workflow has changed.” – Gusto
“Material helps automatically cluster similar messages and apply
warning messages or other remediations without the delay and manual
effort of our security team’s review.” – Mars

material.security

Learn More

Mastercard is buying Recorded Future from Insight Partners for $2.65
billion, making it one of the biggest cybersecurity deals this year. Insight
Partners originally acquired Recorded Future in 2019 for $780 million, so
they’re seeing a nice return on investment.
MORE

💡One thing I see here is the motion from startup to platform. With
Mastercard being the platform in this case, similar to Windows or Google
or whatever.

So you have good ideas and execution, and their natural home is within
some sort of ecosystem. So startups are basically petri dishes for
features that will live inside of platforms.

The Security Canary Maturity Model is a framework designed to help
organizations assess and improve their security posture by using canary
tokens. The model outlines various maturity levels to guage where you’re at.
MORE

💡I love this concept of a detection maturity model. Like, here’s the
percentage of your most likely MITRE behaviors that you’d be able to
see.

Sponsor

Get the No B.S. Guide to building a strong cybersecurity program in 90
days! (No email required)

Are you an IT leader without a big, dedicated security team? Have you had
challenges implementing a robust cybersecurity program due to lack of
resources and/or budget?

Don’t let this hold you back anymore! Download our 90-Day guide to get a month-by-month blueprint on how to build an
effective, multi-layered cybersecurity strategy without enterprise-level resources.

defendify.com/guide/get-your-cybersecurity-program-started

Download Guide (no email required)

Australia is set to criminalize doxxing with penalties up to seven years in
jail, as part of new legislation aimed at modernizing the Privacy Act. The
legislation also proposes harsher penalties for doxxing based on race,
religion, or other personal attributes.
MORE

This piece discusses how AI-powered autonomous weapons systems are changing
warfare. The recent withdrawal of U.S.-provided M1A1 Abrams tanks by
Ukraine, after being targeted by Russian kamikaze drones, highlights the
shift from traditional manned mechanized warfare to AI-driven combat.
Friendly reminder that you should read Kill Decision, by Daniel Suarez,
which predicted so much of this.
MORE
|
KILL DECISION BY DANIEL SUAREZ

Russia’s naval activity around undersea cables is raising alarms among US
officials, with concerns that the Kremlin might be planning to sabotage
underwater infrastructure through a secretive military unit known as GUGI.
This unit reportedly operates submarines, surface vessels, and naval drones,
and has been spotted near critical deep-sea cables that carry over 95% of
international data.
MORE

The U.S. is drafting a “New York Joint Statement” to bolster the security of
global submarine communications cables, with a focus on excluding Chinese
firms from the supply chain. This move mirrors past efforts to remove
Chinese companies like Huawei from 5G infrastructure, driven by fears that
the Chinese government could compel these firms to disrupt cable operations
during critical times.
MORE

💡We need a comprehensive critical infrastructure dependency analysis,
which goes along with wargaming.

Actually, now that I think about it, I’m quite confident this is already
happening. I just hope it’s being done with very smart red teamers on the
China side flipping switches on our undersea cables, port/crane infra,
etc.

The US House has voted to block the purchase of new drones from DJI, a major
Chinese manufacturer, citing national security concerns. So much coverage of
counter-China stuff lately. Seems like leadership is getting the message,
which is great.
MORE

The State Department has declared that Russia’s state-owned RT news agency
has become a key player in the Kremlin’s military intelligence operations,
including involvement in covert activities aimed at undermining American
elections and democracies. I remember thinking this was happening with RT
back in like 2017 or something, so—similar to China—I’m surprised it’s just
now getting press.
MORE

Serhii “Flash” Beskrestnov is a civilian radio enthusiast who’s become a key
figure in Ukraine’s drone defense strategy against Russia.
Operating from a mobile intelligence center in his VW van, Flash monitors
Russian radio transmissions and shares his findings with over 127,000
followers, including soldiers and government officials, on social media.
MORE

Continue reading online to avoid the email cutoff…

AI / TECH

A new paper had humans and AI create novel research ideas and then had human
experts rate the ideas. And they actually preferred the AI ideas!
MORE

💡This is the way to measure the abilities of AI—not with standalone
testing. It’s the same with autonomous vehicle safety.

It’s not about how you think they do independently. It’s about comparing
ACCEPTED METRICS between humans and the AI—as judged by humans who don’t
know who made which.

OpenAI released their new o1-preview model, which is focused on reasoning.
The biggest difference between it and previous models is its use of Chain of
Thought (CoT) reasoning, and the fact that it actually spends time (and
tokens) thinking before returning results.
MORE
|
MY THOUGHTS ON IT SO FAR

Klarna’s CEO, Sebastian Siemiatkowski, is suggesting that AI could replace
enterprise software giants like Salesforce and Workday. He claims that
conversational AI, like OpenAI’s upcoming Strawberry reasoning model, can
handle natural-language commands to build custom apps that replicate
traditional enterprise functions, especially those managing corporate data.
Um, yeah. It’s all going to be
SPQA.
MORE

AI-powered SAR satellites are now capable of detecting aircraft from space
due to new radar tech. This allows for real-time monitoring of air traffic,
which could have significant implications for both civilian and military
applications.
MORE

CardiaTec, a Cambridge University spinout, is leveraging AI to tackle
cardiovascular diseases (CVD), the leading cause of death worldwide. They’re
partnering with 65 hospitals in the UK and US to build a massive human heart
tissue-multi-omics dataset to identify new drug candidates.
Super exciting because AI needs data to form its model of the world.
All the intelligence in the world doesn’t matter if you don’t have a
representation of how things work.
MORE

Salesforce just launched Agentforce, a suite of AI-powered agents designed
to enhance human workers across various business functions, marking what
they call the “third wave” of AI.
MORE

Waymo’s latest data shows that human drivers are responsible for most
serious collisions involving its driverless cars, with 16 out of 23 severe
crashes being rear-endings by human-driven vehicles. Over 22 million miles,
Waymo’s vehicles have been involved in fewer than one injury-causing crash
per million miles, significantly outperforming typical human drivers in San
Francisco and Phoenix.
MORE

Tesla’s Cybertruck is spiking in the electric pickup segment, with a 61%
sales surge in July, outselling rivals like the Rivian R1T and Ford F-150
Lightning. So strange because they were getting slammed there for a while.
I’m seeing a lot more in the Bay Area, too.
MORE

The USPS has rolled out its new Next Generation Delivery Vehicles, and while
they might not win any beauty contests, they’re getting rave reviews from
postal workers for their modern safety features and comfort, including air
conditioning.
MORE

Dmitry Grinberg has managed to run Linux and Ultrix on a business card,
turning it into a tiny computer. The project involves using a
microcontroller with just 8KB of RAM and 32KB of flash storage.
MORE

There’s a new study out showing that DebunkBot, an AI chatbot, can
effectively persuade users to abandon conspiracy theories. The bot made
significant progress in changing people’s beliefs, challenging the notion
that facts and logic can’t combat conspiracies. What can convince you
something is true can also do the opposite. This is why I’m optimistic about
having AI on us all the time. Yes, it can be an Orwellian nightmare—or it can be a defender, protectors, tutor, coach, etc. That’s up to us.
MORE

A community college had to cancel its CS career fair because no companies
reached out to participate. Super sad, and super expected. If you have
people coming out of college with a Masters in CS and they can’t find jobs,
what hope do junior college prospects have? This is why we need Human 3.0;
the future is connecting directly to individuals, not relying on a
credential or institution.
MORE

Google has officially killed off cache links that allowed users to view
older versions of web pages.
MORE

United Airlines is partnering with SpaceX to bring free Starlink Wi-Fi to
all its planes, starting with tests in early 2025 and full passenger flights
later that year.
MORE

HUMANS

Ukraine just launched its biggest drone attack on Moscow yet, hitting the
region with 144 drones. The strike resulted in one casualty, set several
homes on fire, and led to the temporary shutdown of Moscow’s four airports.
Someone explain how Ukraine can possibly be winning this. Completely insane
to me, in the best possible way.
MORE

Sweden is increasing how much it’s paying migrants to go home. It’s now up
to $34,000.
MORE

NASA’s Advanced Composite Solar Sail System (ACS3) has successfully deployed
its ultra-thin solar sail in low Earth orbit, making it visible in the night
sky from various locations worldwide. The spacecraft’s reflective surface
can appear as bright as Sirius, and NASA’s mobile app now helps users spot
it using augmented reality. Can’t wait to see this!
MORE

C/2023 A3, also known as Tsuchinshan–ATLAS, is being hailed as “the comet of
the century” and will be visible in September and October 2024. This comet
is expected to be exceptionally bright, with its peak visibility on October
2, when it will be positioned between Mercury and Venus but closer to Earth.
For the best viewing experience, look towards the horizon just before
sunrise between 5 am and 7 am starting September 27, as it won’t return for
tens of thousands of years.
MORE

The US is closing a trade loophole that ecommerce giants Temu and Shein have
been exploiting. This loophole allows them to ship goods directly to
American consumers without paying tariffs, which has given them a
competitive edge over domestic retailers.
MORE

There’s a leaked PDF that details Mr. Beast’s unique company culture and
strategies for creating viral YouTube content.
MORE
|
ONE PAGE SUMMARY

This person says sunlight cured their migraines. It’s not a study, but I
figured most people have tried everything so why not something else.
MORE

Lara Hogan’s piece on being a thermostat, not a thermometer, dives into how
we can influence the mood in our work environments rather than just reacting
to it.
MORE

Content-driven development is a strategy for making progress on side
projects by focusing on creating small, shareable pieces of work.
MORE

In 1913, Vienna was quite a place to hang out, with Adolf Hitler, Leon
Trotsky, Josip Tito, Sigmund Freud, and Joseph Stalin all residing in the
city at the same time.
MORE

DISCOVERY

MerkleMap CLI — This command-line tool lets you search and enumerate
subdomains using the Merklemap API, and even tail live subdomain discoveries
in real-time.
MORE

A 71 TiB ZFS NAS built with twenty-four 4 TB drives has lasted over a decade
without a single drive failure, thanks to a strategy of keeping the server
off when not in use.
MORE

RAMBO Attack — Dr. Mordechai Guri has unveiled a new side-channel attack
called RAMBO, which uses radio signals from a device’s RAM to exfiltrate
data from air-gapped networks. Let me guess—University of Tel Aviv? Israelis
are the side channel GOATs.
MORE

6 Techniques I Use to Create a Great User Experience for Shell Scripts —
This post dives into creating user-friendly shell scripts with techniques
like comprehensive error handling, colorful output, and detailed progress
reporting. Soooo good.
MORE

Soundiiz — Created by two friends in France, Soundiiz is a tool that lets
you transfer playlists between Apple Music, Spotify, YouTube Music, and a
host of other streaming services.
MORE

Nothing — This is a timer that celebrates the art of doing absolutely
nothing. It’s not about staring at your screen but about stepping back from
the chaos and embracing stillness.
MORE

RAG Pipeline Quickstart with Pinecone — This guide walks you through setting
up a pipeline that pulls data from an Amazon S3 bucket, creates vector
embeddings using OpenAI’s embedding model, and stores them in a Pinecone
search index.
MORE

Semantic Image Search CLI (sisi) is a new tool that lets you perform
semantic image searches locally without relying on third-party APIs.
MORE

IDEAS

I love it when experts completely disagree about a really important thing.
It forces people like me to do tons of heavy reading so I can approach
things from first principles.

ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ
@DanielMiessler

You know what trips me out?

I follow several of the best China experts out there, and have read
several books about their economy, but week to week it’s impossible to
know if they’re about to crash or about to take over the world.

The opinions vary that widely.

4:38 PM • Sep 16, 2024

11 Likes
0 Retweets

1 Reply