It's time for Security Now. Steve Gibson is here. He says there's not a lot of news, so we're going to do a lot of questions from the audience, feedback and so forth. And then Steve will explain his understanding of what is going on with AI, the search for artificial general intelligence, and how close we are coming. I think you're going to like this episode.
Security Now is next. Podcasts you love, from people you trust.
This
is TWiT.
This is Security Now with Steve Gibson, episode 1001, recorded Tuesday, November 19, 2024. Artificial general intelligence. It's time for Security Now, the show where we cover your security, privacy, safety, how computers work.
What's so intelligent about artificial intelligence? All that jazz, with the most intelligent guy I know, this cat right here, Mr. Steve
Gibson. I am not that. You're not that? No, I'm what we call a domain expert. Yes, some expertise in a couple places. But when it
comes to Sudoku, you're just like the rest of
us. And when it comes to artificial intelligence, I'm claiming no expertise. Um, what I wanted to talk about, as I said last week, was artificial general intelligence, AGI, because everyone is throwing the term around; we're hearing people talking about it. What caught my attention was when Sam Altman, the infamous and famous CEO of OpenAI, claimed, oh yeah, we'll have that next week, next year. He said 2025, and it's like, but, but
he's kind of a salesman as well.
Yes, maybe this was just a stock price ploy, but I wanted to take some time. I found a couple of interesting articles with a lot of other people in the industry interviewed and some academics interviewed. And I thought, let's, you know, so today, no one's gonna find out some great revelation about AGI, as I don't have it, but, you know, it's clearly a thing. And I just thought we should kind of put a marker down and say, okay, here's where it is.
So you've done that before. You did it with blockchain. It's very frequent that you are able to, because that's how you work, digest all this stuff. You're kind of our retrieval-augmented generation. You digest all this stuff and give it back to us so we can understand it. So I'm very much looking forward
to this episode. Well, in the fullness of time, if I spend some time digging, then that would be interesting. But we've got a bunch of stuff to talk about. We're going to look at, oh, this is a great story, how Microsoft lured the U.
S. government into a far deeper and expensive dependency upon its own proprietary cybersecurity solutions than the Biden administration
expected. Also, Gmail will be offering native throwaway email aliases, much like Apple and Mozilla. We'll touch on that. Oh, my god. And Russia, well, they're banning additional hosting companies.
They're going to give their big internet cutoff switch another trial next month. And some other things we'll never talk about. Oh, and they used a diabolical Windows flaw to attack Ukrainians. It was found by a security group.
And boy, when our old-timers find out that something we assumed was safe might not be safe to do, it's going to raise some hair. Also, we're gonna look at, oh, I have a note for our listener about the value of old Security Now episodes. Going to touch on TrueCrypt's successor. Also using Cloudflare's Tunnel service for remote network access.
Another of our listeners said this is what I'm doing. So we're going to share that. Also answer the question about how to make a local server appear to be on a remote public IP, which in this case is coming in handy for pretending to be a remote command and control server when testing malware.
Also, how to share an impossible-to-type password with someone else. Oh, and another listener asked and I answered, and then he confirmed, about finding obscure previous references in the Security Now podcast. So that, and then we're gonna dig into this whole question of what is artificial general intelligence, and how is what we have today failing that, what are the recognized and widely agreed-upon characteristics that AGI has to have, and when might we get some? So I think a great podcast.
There was not, as you can tell, a huge amount of news. I looked everywhere for good stuff, but boy, I added it up. I think I have forty-three hundred some plus inbound pieces of email from my listeners.
Oh, so like since it began. So I'm not starving at all for listener feedback. And you know, I think it's fun.
Actually, changing this from Twitter to email completely changed the feel of the feedback, since it no longer needs to fit into 280 characters. And so, a lot more interesting, and a great podcast. Oh, and Leo, we are starting in on our second thousand. This is podcast number one thousand
and
one. I really thought
of second thousand.
That right person, I, OK. Okay. Well, you and I are
going to work on it. We're going to do our best. That's all we can promise. Just, I look different than
I did twenty years ago. But you look about the same. I don't, you think? Your hair's still, it's nice silver,
slicked back. Our show today brought to you by, very happy to say, BigID. This really, really interesting company. They're a leading data security posture management solution. Sometimes they call it DSPM.
BigID is the first and only DSPM solution to uncover dark data, to identify and manage risk, to remediate the way you want, and scale your data security strategy through unmatched data source coverage. BigID seamlessly integrates with your existing tech stack and allows you to coordinate security and remediation workflows. You can take action on data risks: annotate, delete, quarantine and more, based on the data, all while maintaining an audit trail.
Very important for compliance, right? Partners include ServiceNow, Palo Alto Networks, Microsoft, of course, Google, AWS and more and more and more. And with BigID's advanced AI models, you can reduce risk, accelerate time to insight. Oh, there's a new metric for me. I love it: time to insight, TTI. And gain visibility and control over all your data.
Now let me give you an idea of the kinds of people who use BigID. Who do you think would have an awful lot of data in an awful lot of places, in a variety of formats, some legacy formats, who would need to know where all their data is in such a situation? How about, oh, I don't know, the U.S. Army, right? They use BigID to illuminate all that dark data, to accelerate cloud migration, minimize redundancy and to automate data retention.
I have this quote from the U.S. Training and Doctrine Command. It's mind-boggling. This is the quote: "The first wow moment with BigID came with just being able to have that single interface
that inventories a variety of data holdings, including structured and unstructured data across emails, zip files, SharePoint, databases and more." I mean, parenthetically I'll say, you can imagine the different kinds of formats the Army has collected over the last couple of decades.
He goes on to say, "To see that mass and be able to correlate across those is completely novel. I've never seen a capability that brings this together like BigID does." That's a pretty good endorsement. CNBC recognized BigID as one of the top 25 startups for the enterprise, named to the Inc. 5000 and Deloitte 500 two years in a row, the leading modern data security vendor in the market today. You need to know this name.
BigID. The publisher of Cyber Defense Magazine said, quote, "BigID embodies three major features we judges look for to become winners: understanding tomorrow's threats today, providing a cost-effective solution, of course, and innovating in unexpected ways that can help mitigate cyber risk and get one step ahead of the next breach." It all starts with knowing where your data is, by the way. Also really important if you're looking at AI, because if you think about it, you want to train, but you want to train on the stuff
you know. The Army probably has a lot of stuff they don't want to train AI on because it's sensitive or secret. So it's really important to understand what your data is, where it is in all sorts of places. That's what BigID can do. Start protecting your sensitive data wherever your data lives.
At bigid.com/securitynow. Get a free demo to see how BigID can help your organization reduce data risk and accelerate the adoption of generative AI.
We're going to be talking about that later today. BigID, B-I-G, BigID, B-I-G-I-D, you don't ask me about ID, bigid.com/securitynow. Now, they do have, talking about AI, they have so many great reports on their website, bigid.com/securitynow.
But they do have a free report, it's brand new, that gives you some really useful insights on key trends on AI adoption challenges, including those challenges of what to train on, what not to train on, and the overall impact of generative AI across the organization. You know. And they have a great paper on this.
So read it at bigid.com/securitynow. You need BigID. Thanks so much for supporting the work Steve does here. And you support us when you go to that address, so that they know you saw that on Security Now: bigid.com/securitynow. Steve, I'm ready with the picture of the week. Is it a good one this week?
This is a good one. And I got some feedback from our listeners already who really like that. I was again on the ball, and just a reminder to our listeners that we had just shy of 13,000 people now subscribed to the Security Now mailing list: 12,979. I look
and the Club TWiT members we have. So I think there may be a correlation there.
I think there may be. And that was the count when the mailing went out around 3 pm yesterday. So just to say that 24 hours ahead of time, anybody who was subscribed to the list got this stuff. Um, so, okay, anyway. So the point was that many people wrote back and said, wow, that's terrific.
So what we have is a residential staircase going up, you know, as they do, along one wall with a handrail and then a banister on the outside, you know, so that the stairs are not open. Now this family has a couple of toddlers, and looks like maybe sister's a little older than brother. He's in diapers still and looks like maybe he's two.
He might be maybe two and a half or three, I don't know. But across the bottom of the stairs is a screen that mom and dad have said, kids are not going upstairs. They stay downstairs. The child gate.
I think it's a brand new one. It looks like it because it's
still got the sales tag on it. You're right. And I noticed also
that behind it are
a couple of stacks of stuff too. Well, now I gave this picture the caption, "The bottom of this staircase may have been blocked, but these future hackers are not deterred," because the stairs protrude out from the banister's supports, and both of the kids have walked up the outside of the stairs. It's like seeing whether there's a way they can get in there, because they're going to find a way. And it looks like maybe, if I'm right, the oldest sibling looks like she sort of tried to squeak herself in because she sort of
ran out of runway there.
So yeah, so there we are. We hope the analogy is not that they are behind bars, because, you know, the banister does look a little bit like that too. But, you know, these guys, they're determined to find a way past mom and dad's blockade of the stairs. So boy, future hackers? Yeah.
Future hackers. Okay. So recent reporting by ProPublica raised some interesting questions, and I got a kick out of this. I'm sure that our listeners will too. So ProPublica, and I'll be interrupting a few times here with my own comments, says that in the summer of 2021, and we covered this at the time, President Joe Biden summoned the CEOs of the nation's biggest tech companies to the White House. A series of cyberattacks linked to Russia, China and Iran had left the government reeling.
And of course, some of that was Microsoft's fault, right? And the administration had asked the heads of Microsoft, Amazon, Apple, Google and others to offer concrete commitments to help the U.S. bolster its defenses.
Biden told the executives gathered in the East Room, quote, "You have the power, the capacity and the responsibility, I believe," he said, "to raise the bar on cybersecurity," unquote. Now, they said, Microsoft had more to prove than most. Its own security lapses had contributed to some of the incursions that had prompted the summit in the first place, such as the SolarWinds attack, in which Russian state-sponsored hackers stole sensitive data from federal agencies, including the National Nuclear Security Administration.
Following the discovery of that breach, some members of Congress said the company should provide better cybersecurity for its customers. Others went even further. Senator Ron Wyden, who chairs the Senate's finance committee, called on the government to, quote, evaluate its dependence on Microsoft before awarding it any more contracts. Now, as we're going to see shortly, what happened is not exactly what Ron was looking for. This was not the kind of reevaluation that Ron had in mind. ProPublica said,
in response to the president's call for help, Microsoft's CEO, Satya Nadella, pledged to give the government $150 million in technical services to help upgrade its digital security. Well, isn't that nice? On the surface, they wrote, it seemed a political win for the Biden administration and an instance of routine damage control from the world's largest software company. But the result of ProPublica's subsequent investigation suggests that Microsoft's seemingly straightforward commitment to provide a bunch of free technical services belied a more complex, profit-driven agenda.
As time has since revealed, Microsoft's apparent generosity was a calculated business maneuver designed to bring in billions of dollars in ongoing revenue, lock competitors out of lucrative government contracts and even further tighten the company's grip on federal business. And as I am reading this, I thought, you know, if I didn't know better, I would think Gates was still around, since this turned out to be a recognizably classic Bill move. So they wrote: the White House offer, as it was known inside Microsoft, would dispatch Microsoft consultants across the federal government to install Microsoft cybersecurity products, which as part of the offer were provided free of charge for a limited time.
That's right. What a bargain. What's wrong with this picture? Okay. So they say, well, how about once the consultants installed the upgrades, federal customers would be effectively locked in, because shifting to a competitor after the free trial would be cumbersome and costly, according to former Microsoft employees involved in the effort, most of whom spoke on the condition of anonymity because they feared professional repercussions.
At that point, the customer would have little choice but to pay for the higher subscription fees. In fact, two former sales leaders involved in the effort likened it to a drug dealer hooking a user with free samples. Quote, "If we give you the crack and you take the crack, you'll enjoy the crack,"
one said. "And when it comes time for us to take the crack away, your end users will say, 'Don't take it away from me,' and you'll be forced to pay." Former salespeople said that Microsoft wanted more than those subscription fees. The White House offer would lead customers to buy other Microsoft products that ran on Azure.
The company's, of course, they have the cloud platform. This carried additional charges based on how much storage space and computing power the customer used. These former salespeople said that the expectation was that the upgrades would ultimately spin the meter, and I'm quoting them, "spin the meter" for Azure, helping Microsoft take market share from its main cloud rival, Amazon Web Services.
In the years after Nadella made his commitment to Biden, Microsoft's goals became reality. The Department of Defense, which had resisted the upgrades for years due to their steep cost, began paying for them once the free trial ended, laying the groundwork for future Azure consumption. So did many other civilian agencies.
Former Microsoft salesperson Karan Sondhi, who had knowledge of the deals, said that, quote, "the White House offer got the government hooked on Azure, and it was successful beyond what any of us could have imagined," unquote. While Microsoft's gambit paid off handsomely for the company, legal experts told ProPublica the White House offer should have never come to pass, as they sidestep or even possibly violate federal laws that regulate government procurement. Such laws generally bar gifts from contractors and require open competition for federal business.
Eve Lyon, an attorney who worked for four decades as a procurement specialist in the federal government, said that accepting free product upgrades and consulting services collectively worth hundreds of millions of dollars is not like a free sample at Costco, where I can take a sample, say thanks for the snack and go on my merry way. Here, you have changed the IT
culture, and it would cost a lot of money to switch to another system, unquote. Microsoft, for its part, defended, of course, its conduct.
Steve Faehl. That's F-A-E-H-L. Is that good? Yeah, I thought I should spell it: F-A-E-H-L, Faehl. The security leader for Microsoft's federal business said in a statement, quote, that the company's sole goal during this period was to support an urgent request by the administration to enhance the security posture of federal agencies who are continuously being targeted by sophisticated nation-state threat actors.
There was no guarantee that agencies would purchase these licenses, and they were free to engage with other vendors to support their future security needs, unquote. Pricing for Microsoft's security suite was transparent, he said, and the company worked, quote, "closely with the administration to ensure any service and support agreements were pursued ethically and in full compliance with federal laws and regulations," unquote. Faehl said in the statement that Microsoft asked the White House to, quote, review the deal for antitrust concerns and ensure everything was proper, and they did so.
I love the race done azure. I just think the done azure, it's a nice ad campaign.
There's only one little problem with this. Of course, as we know, it really is surprisingly difficult to switch vendors. And of course, it gets worse. ProPublica found the White House summit ushered in a new form of concentrated reliance, as well as the kind of anticompetitive behavior the Biden administration has pledged to stamp out.
Former Microsoft salespeople told ProPublica that during their White House offer push, they advised federal departments to save, get this, to save money by dropping cybersecurity products they had purchased from competitors. Those products, they told them, were now redundant. Salespeople also fended off new competitors by explaining to federal customers that most of the cybersecurity tools they needed were included in the free upgrade bundle. Today, as a result of the deals,
vast swaths of the federal government, including all of the military services in the Defense Department, are more reliant than ever on a single company to meet their IT needs. ProPublica's investigation, supported by interviews with eight former Microsoft employees who were involved in the White House offer, reveals for the first time how this sweeping transformation came to be, a change that critics say leaves Washington vulnerable, the very opposite of what Biden had set out to achieve with the summit. Because of the monoculture, right? It's like, oh, everybody is using Microsoft. Unfortunately, we've seen Microsoft making some significant mistakes. Well,
wasn't this kind of in response to SolarWinds?
Yes. Yeah. Yes. This was three years ago when it was like, oh my god, what are we going to do? And so Microsoft: hey, how would you like some free stuff, $150 million of stuff for free?
It was only free for the first year. I mean, it wasn't even free.
Free, it was a trial offer. Basically it was. I mean, so okay, so the ProPublica article, I've got a link in the show notes. It goes into much greater detail. That was just like the introductory quarter of it. So I have a link to it, as I said, for anyone who wants more.
But I'm sure that all of our listeners get the idea. At one point, Microsoft was asked to provide this enhanced security support to the federal government at no charge indefinitely, which they flatly declined. But of course, it became a negotiation over, well,
then how long will the services be free? You know, of course, what adds even more salt to this wound is that, for many years, the same federal and military agencies had been steadfastly refusing to go with Microsoft solutions due to their cost, but they could not say no to free.
So this allowed Microsoft to get their solutions in the door, to remove any previous reasonably priced competitive solutions. And then once the free offer expired, the choice was either pay up or go without. And, you know, it's at least mildly disgusting.
And what's more, you know, this didn't just fall in Microsoft's lap, right? Former insiders made it clear that this was their intention all along. From the beginning, Microsoft CEO Satya Nadella knew exactly what he was doing. Basically, it was a Trojan horse.
How hard is it, if you've upgraded your security to Microsoft G5 level, to go back? Like if they go, ah, we don't want to pay for it,
we're going to go backwards. If Elon Musk is going to do anything,
this is me my way.
This is the kind of thing, I mean, it takes holding your breath and pinching your nose, and I mean, it's an upheaval. And so anyone in IT understands that, but it's not their money they're spending, it's our money they're spending. And so it's always less expensive to pay for the incremental cost of another, you know, another three months
than it is to say, okay, we're on the wrong path. We're going to just, we're gonna get in this path, because it does mean going out, getting competitive bids and literally having downtime while all of this changes, because, you know, you have to remove all of this junk and put in new stuff. So as if the whole motivation
for doing this was, oh my god, we've got a big security problem. You'd like to tear out the security fix you just installed to fix that, so that you can do something else? There's going to be a lot of pressure just to keep on, keep
on. Well, you know, the old-timers who are listening to the podcast, we all remember Gates. I mean, he was, Bill was much, he's revered as some technical genius.
I mean, he is a genius, but he was much more a businessman. Oh, yes, he was. And he was a coder, and he says that now too, you know.
I mean, so, you know, we watched all of the early shenanigans that Microsoft got up to, you know, things like, oh, you can't remove our browser. We put it in Windows. It's part of the, till the EU said, take it out, make it, well, okay, you just, that you not give us the
way. Same old.
Same old. But this just struck me as so Gates. It was just like, oh boy. Yeah. So ouch. Um, okay. So Apple has Hide My Email.
Mozilla offers their Firefox Relay. And you know, these are email services that create throwaway aliases for a user's primary account. The recent news is that Google is reportedly working on adding something which they call Shielded Email to Gmail, you know, for their two billion Gmail users. So as with the other services, users will be able to quickly generate random-looking usernames for use, you know, filling out online forms and subscribing to things and so forth, which hide their real email addresses.
So those are just aliases, and then you'll have some means of managing the aliases so that, for example, if you started to get spammed on one, first of all, it would be interesting, you know, to know which email address is spamming you, and then you're just able to delete it and you'll get rid of it. So I've noticed that a large percentage of the subscribers to GRC's mailing lists are Gmail domain users. So I imagine this will come as a welcome service.
Unfortunately, I use Gmail as my trash can already because I've got, you know, GRC.com email addresses. So it's a little late for me. I don't think it would serve much purpose, you know, shielding what is already my throwaway account. But still, for people whose primary email is Gmail, I think this sounds like a good thing and, you know, better late than never. It certainly took a while. On the other hand, can you imagine the infrastructure that Google must have in order to give two billion users email that works as well as Gmail does? And
they use their own server. They're not using, you know, an open source anything like that. So if you were, it might be a simple plug-in, but that's a big deal to move.
Yeah, it's old. Let's not forget, Gmail is not a brand new service by any means. Correct? It was one of the very first web services. Correct.
In fact, I remember, do you remember a guy named Steve Bass, who was, um, he ran the Pasadena IBM PC User Group? PIBMUG was, if you tried to pronounce it. Anyway, and I think he wrote
for PC World also.
I do. Uh, neat guy. And he had early access to Gmail and so sent me an invite that allowed me to get a, you know, uh, special, uh, email account at Gmail. So you telling, but
because otherwise it will be completely useless.
Believe me, it's next to that now anyway. It's just, I have
laporte at Gmail, because I was also early.
Very nice.
And everybody has decided, apparently the spam world has decided, that I'm French, and I get a lot of French spam, almost exclusively French. And also, because people improve, this happens to you, I'm sure it happens to our listeners, they don't really understand that you can put a space in a Gmail address.
So a lot of people named François Laporte and Abigail Laporte, they type a space in there and it all goes to laporte at Gmail. So I get all sorts of stuff, like your tickets are ready. I mean, just endless. Your patience for tonight in Paris. I mean, it's tempting, but no.
I'm, well, and you're right. The problem with being that big, like all those names in a single domain, is that if it is not like, you know, BZQRT79 or something, if it is Leo or Fred,
it's, well, like,
you know, goodbye.
There's a story about jim at AOL.com. Poor Jim never really did get to use that. Do you want me to take a break here?
Do you want to continue? I think now is a good time. We're half an hour in, and then we're going to talk about, it's definitely not love coming from Russia. So Russia, we'll talk about, and we do get to talk about.
Thank you, Steve. Our show today brought to you by those great folks at DeleteMe. I have some direct experience with DeleteMe because we have been using it for our CEO for some time now.
If you've ever searched for your name online, I don't actually recommend that you do this. But if you've done that, you know how much of your personal information is right there in public. It's all data brokers. They've been collecting this stuff for years. Every app you use, it's not just TikTok, it's Facebook, it's Instagram.
Every site you visit, and they take all the information, they collate it, and they make basically a dossier about you and your family, about everybody you know. Maintaining privacy is more than a personal concern; it's a family affair. That's why DeleteMe has introduced family plans, so you can have DeleteMe for everyone in the family.
And I think they do have corporate plans as well. I think that's what we use, because you really should have DeleteMe for every manager in your company. I've told the story before.
Forgive me if you've heard it before, but we ran DeleteMe because Lisa, somehow bad guys figured out what her phone number was, what company she worked for, who her direct reports were and what their phone numbers were. I wonder where they got that information, right? And as a result, were able to do a spear phishing campaign purporting to be texts from Lisa's phone, the CEO's phone,
saying, quick, I need some Amazon gift cards. I'm in a meeting, get them and send them to this address. Fortunately, our employees are smarter than that. But he immediately told me, you know, we've got to do something to reduce the amount of information about our management online. And that's when we went to DeleteMe.
DeleteMe helps reduce risk from identity theft, from cybersecurity threats like that, from harassment, you know, from all of the things privacy violations can do. It is not nice. DeleteMe's experts know where the data is.
They will find and remove your information from hundreds of data brokers. And by the way, if you get the family or the corporate plan, you can assign a data sheet for each member. It's tailored to them, so that you could say, well, don't delete the Instagram information, but do delete the Facebook, kind of thing.
Easy-to-use controls. So as an account manager, you can manage privacy settings for the whole family. But this is important. Once you've removed that data, you don't just then walk away, because you could do that yourself. First of all, you'd need to know the hundreds of data brokers out there.
But then you need to know as new ones come online, and they do every single day, it's a very profitable business. You need to know to go back, and that's what DeleteMe does. They continue to scan and remove your information regularly,
not only from the existing data brokers but from all the new ones that pop up all the time. And I'm talking addresses, photos, emails, relatives, phone numbers, social media, property value, everything. It's all online. Data brokers have it all.
Until we get a comprehensive privacy law in this country protecting you, you've got to protect yourself and your family and your business. Reclaim your privacy by going to joindeleteme.com/twit. The offer code TWIT gets twenty percent off, which is a great deal. joindeleteme.com/twit, and use the offer code TWIT for twenty percent off.
And if you want to go to joindeleteme.com/twit, look at all the offerings. They have a very granular set of offerings that can really do the things you need to do to protect yourself online. So very much recommend looking at all that.
It's really an amazing company. joindeleteme.com/twit. Thank you, DeleteMe. By the way, after the National Public Data broker breach, Steve, we searched for my name: right there, my Social Security, everything. Not Lisa's, not Lisa's.
And I thought, that's pretty telling. I think that DeleteMe really worked. joindeleteme.com/twit. Thank you, DeleteMe. Steve.
So Russian officials,
I'm sorry.
recently, no, we're going to get there, have recently announced via Telegram that they plan, which I thought was interesting, in
the yellow telegraph, that they
plan to expand Russia's ban on foreign web hosting providers who are hosting content that discredits the glorious Russian army. Their words. So Akamai and CDN77 may soon find themselves added to the banned list for being naughty.
Overall, Russia appears to feel that the internet is at best a mixed blessing. It's unclear to me how it's possible to even function within today's globalized economy without it. I think they're nuts. But Russia,
i'm getting ready. I'm getting ready for the ahead.
great. Russia seems poised to at least explore getting along without the internet, to which end rushes illustrious internet watchdog, none other than ross come. I'm sorry, has announced its plan to conduct another test next month of russia's big internet disconnect switch when pulled, does what IT says IT servers all ties between russia and the rest of the global internet.
And they did it once before,
didn't they? Yes, and they've been working on this for years. They have to do things like figure out what to do with DNS queries that resolve to IP addresses that are no longer available. I mean, they just don't want everything to hang and crash and be sitting there, you know, with the hourglass spinning. So it turns out that disconnecting from the internet is not an easy thing to do. And of course, as I was thinking about this, I thought, what about Starlink? Because, you know, it's no longer the case that useful internet connectivity requires landlines and fiber optic trunks and all of that.
Starlink is banned in Russia, that would be my guess, or doesn't offer it. Let me see. It's available in Ukraine, of course.
And you're right. Russia is sanctioned, right?
Yeah, yeah. So that just works in their favor, doesn't it? That's right.
Easier to disconnect, easier to pull the switch. So anyway, they're going to do another test in December. And again, you know, it's like, is there some big long-term plan here? Is it just that they are worried they're going to get attacked? I don't know.
You know, we would know if our country was doing the same thing, because it would have an effect. I mean, pulling the switch on global connectivity will have an effect. So really interesting.
We'll have to see what they've got planned. But while on the topic of Russian antics, get a load of this: one of the zero-days, it was CVE-2024-43451, that Microsoft patched this past week, you know, in Patch Tuesday
last week, was used in a Russian hack of Ukrainian organizations earlier this year, according to the security firm ClearSky. The zero-day was part of an exploit chain that exposed NT LAN Manager credential hashes, also known as NTLM credential hashes, when victims interacted with .url files that were received in phishing emails. But here's the part that really caught my attention.
ClearSky said that right-clicking, deleting or moving the file established a connection with the attacker's server, exposing authentication data. The report suggests that the campaign also used social engineering to convince victims to run executables. Okay, but hold on. Right-clicking on a file to display its context menu and examine its properties, deleting it, or dragging it to another directory was all that was needed to cause the victim's machine to establish a remote connection to a malicious server.
What? So I went over to ClearSky to see what was up, and I've got a link in the show notes for anyone who wants to see the ClearSky research. They posted the write-up last Wednesday, writing, a new zero-day vulnerability, CVE... Oh, by the way, it was posted Wednesday because the patches were pushed on Tuesday, the day before, you know, closing this down. They said, a new zero-day vulnerability, 43451, a Clear...
Sky security... an invalid response. I don't know if it's blocked or it can't provide a secure connection. So this might be my browser. Sometimes this happens.
Interesting. Maybe you do an explicit HTTPS, because I...
think the Ubiquiti blocks certain things. Okay.
yeah, so I was .
just clicking the link. You, you, yeah.
Yeah, yeah. Let me try clicking it here.
Yeah, I'm sure it's fine. It's just me. Yeah, I also have that from safer. It just came back up for me. Yeah, so I've noticed this, there's certain places I can go, and I think it's the security. I do use security on the Ubiquiti. Okay.
So they wrote, a new zero-day vulnerability, CVE-2024-43451, was discovered by ClearSky Cyber Security in June of this year, twenty twenty four. This vulnerability affects Windows systems and is being actively exploited in attacks against Ukrainian entities. The vulnerability activates URL files containing malicious code through seemingly innocuous actions. Then they have three bullet points.
First, a single right-click on the file in all Windows systems will do this. Deleting the file in Windows ten or eleven will do this. Dragging the file to another folder in Windows ten or eleven and some Windows seven, eight and eight point one. They wrote, the malicious URL
files were... and I should note that a URL file is just text, so it's kind of pushing it to call it malicious. But okay, it's just a link. It looks like an INI file.
So they wrote, the malicious URL files were disguised as academic certificates and were initially observed being distributed from a compromised official Ukrainian government website. What actually happened was that the Russians compromised an email server in Ukraine and then used the email server's credentials to send, you know, DKIM, SPF, you know, DMARC-approved email to others in Ukraine. So the email that was coming in looked like it was verifiably authentic from the compromised server.
But in fact, unfortunately, it was phishing email. So they said, the attack begins with a phishing email sent from a compromised Ukrainian government server. The email prompts the recipient to renew their academic certificate.
The email contains a malicious URL file. When the user interacts with the URL file by right-clicking, deleting or moving it, the vulnerability is triggered. So I'll just say, this is the first time I've seen that, like, you know, dragging a file and dropping it in the trash, or right-clicking to learn more about it,
that's all it takes under Windows ten and eleven, well, right-clicking in all versions of Windows, in order for this thing to happen. And I've got more detail. So they said, when the user interacts with the URL
file by right-clicking, deleting or moving it, the vulnerability is triggered. This action establishes a connection with the attacker's server and downloads further malicious files, including SparkRAT malware. SparkRAT is an open source remote access trojan that allows the attacker to gain control of the victim's system.
The attackers also employed techniques to maintain persistence on the infected system, ensuring their access even after a reboot. Okay, so the culprit here is a .url file, which is a Windows internet URL shortcut. It's a text file, and anyone who's ever looked at, like, the original .INI, you know, config files back in the early days of Windows will recognize the format here.
It's got sections that are surrounded by square brackets, and then just simple name equals value pairs, all in text. The key is that the file contains a URL= line where the scheme of the URL is file://, followed by the IP of the malicious remote server. In Windows, the file:// scheme is handled by SMB, which is, of course, Server Message Blocks, which underlies Windows' original file and printer sharing, which, as we know, was never up to snuff security-wise.
So that's where NTLM credential hashes come in, because Windows has always been extremely generous handing out, like, the ID of its users by sending their credential hashes around, long before it was realized that that's not a good idea to be sending somebody's hashed credentials, because there's all kinds of mischief you can get up to with them, including just a replay of the credential hash in order to impersonate them, which is exactly what this thing does. So apparently, upon even extremely innocuous contact with these files in Windows,
and you know, it's worse in more recent Windows ten and eleven, Windows Explorer will, without any prompting, reach out to the file server that's indicated in the shortcut, even without its recipient executing the shortcut. The researchers wrote, when examining the URL file, ClearSky's team exposed a new vulnerability. Right-clicking the file establishes a connection to an external server.
In addition, execution in a sandbox raised an alert about an attempt to pass the NTLM hash through the SMB protocol. After receiving the NTLM hash, an attacker can carry out a pass-the-hash attack to identify as the user associated with the captured hash without needing the corresponding password. In other words, the credential hash that the NTLM SMB protocol sends out to identify its Windows user can simply be captured and subsequently used to impersonate the user as if they were logged in. The researchers wrote,
further investigation yielded that in Windows ten and eleven operating systems, the action of dragging the file from one folder to another or deleting the file caused the file to communicate with a target server and only then be deleted or moved. Under Windows seven, eight and eight point one, the file did not initiate communication when dragged or deleted unless the target folder was open at the time of dragging. They said this did not happen on the first attempt, but was observed only after two to three attempts.
That is, they concluded, the newly detected vulnerability is somewhat more exploitable on Windows ten and eleven operating systems. So I'm sure that this must be a bit unnerving to those old pros among our listeners here, to learn that the actions that any of us might take to dispose of something we may have inadvertently received could themselves lead directly to a compromise of our machine. That's new.
So Microsoft reportedly patched and closed this flaw in last Tuesday's patch updates. So that's good. But it should serve to remind us that those of us using Windows are using an extremely complex operating system that is still dragging a ton of legacy code forward.
That code was written, that NTLM SMB file and printer sharing code was written, and its protocols were designed, long before the world had an appreciation for just how secure our future systems would need to be. What came to mind as I was thinking about this, the classic example of this, was the original design of the Windows metafile format. Windows draws on the screen through a series of drawing primitives.
You know, invoking a circle or a rectangle or a line function with parameters and so forth. A Windows metafile, you know, WMF, is just the capture of those drawing primitives. It's essentially a script that later, when that metafile is opened, those primitives are replayed onto a new blank canvas to recreate the original drawing.
So the metafile contents are interpreted, but the designers of the original metafile format thought, what if we want to do something more, you know, something more than just replaying something that was previously recorded? Why can't the file contain some code that's executed? And remember, this was Windows three point oh. So among all of the interpreted tokens, they specified a meta escape code, which is what it was called, that would cause the system to essentially escape from interpreting GDI, graphic device interface, tokens and execute the code contained within the Windows metafile, starting at the bytes immediately following the special escape code.
And so it sat there in the metafile specification for years, until much later. Oh, and it was copied, like, from ninety five to ninety eight to, what was the last sixteen-bit version? It was ME, Windows ME. And then it made the jump to Windows NT,
and so on. So later, years later, in the era of NT and networking and internet connectivity, it was suddenly rediscovered and labeled as a horrible exploitable flaw. At the time, when I calmly stated that it was obviously there all along by design, many people misunderstood me. They thought I was saying that Microsoft had deliberately planted a back door in Windows. It was, you know, it was originally deliberate, but it was never malicious.
It was convenient.
Yes, it was. Yes. It was a reasonable thing to do back when we could trust every image our machines might try to render.
But let's just say it didn't age well, and neither did Microsoft's original NT LAN Manager and their SMB protocol.
You know, they have not aged well either. And, you know, they were also designed back before we really understood security. So this, you know, this wasn't deliberate on Microsoft's part. And what was really interesting was that a week or two ago, we were just talking about how Microsoft has decided not to keep patching NTLM problems, yet the 0patch guys are. So there's another reason why 0patch is worth looking at.
Oh, and I should mention I got a bunch of feedback from our listeners who said, you know, Steve, you should mention that there's a free tier also, so it's not necessary to subscribe to 0patch in order to get some of the benefits of it. So I just wanted to mention that along with all the others. And thank you, everybody who wrote to say, you know, there's a freebie available. So there is a free tier for 0patch.
Okay. So, uh, not a lot happened this week, and we've covered it all. So I'm going to spend some time with some feedback from our amazing listeners.
I believe he would pronounce his name Ayiko, A-Y-I-K-O. I'm sorry if that's wrong, but Ayiko Fred is in Uganda, and he said, hey, Steve and Leo, this is Ayiko Fred from Uganda. I've been listening to Security Now since twenty twenty one, starting around the eight hundreds.
And, you know, that's episode numbers. He said, I occasionally miss a few episodes when things get busy, sometimes up to a month, but I'm thoroughly enjoying the show. Exclamation point. He said, I do not have a formal background in computer science, but I developed an interest in programming in twenty twenty and learned some Erlang and Elixir. He said, my first and only languages, which I'm now using at work.
He said, it made me realize I had only a blurry understanding of many key concepts. I'd never thought to go back to the earlier episodes from two thousand and five, but a few episodes ago a listener recommended going back to the earlier episodes. So I decided to give this a try and wow, exclamation point.
He said, the way you explain topics like how the internet works, cryptography and VPNs really clicked for me. He said, I was blown away by how much easier it was to understand these concepts through your explanations. Now I feel like I've been programming by superstition all along.
He said, each episode has left me wanting more, and I've even re-listened to some episodes three to four times, especially those on cryptography and internet fundamentals. I'm now on episode fifty eight, and I'd encourage anyone with a shaky grasp on these topics to check out the earlier episodes. They won't regret it. So I wanted to share that just as a reminder to listeners about that.
But he finished, saying, one episode made me think, this is exactly what I need. He said, that was episode forty one, TrueCrypt. He said, unfortunately, I learned that TrueCrypt
development was discontinued in twenty fourteen. Do you have any recommendations for alternative tools with similar features to TrueCrypt that are compatible with Linux? I'd love something with the same level of privacy and security.
Thank you again for all your work. I really appreciate it. Looking forward to episode one thousand. Best regards. So I mentioned this bit of feedback last week, that I wanted to share it this week, because I know that this podcast has been discovered by many people years after we recorded those early fundamental technology podcasts.
We've heard from others who, after discovering this podcast, had the idea of going back to start from scratch and catch up. And those people have invariably found that it was worth their time. So frankly, part of me is tempted to just stop and recreate some of that work from the early days so that they're put back into everyone's feeds.
But that doesn't make any sense, because they're already there. Every podcast we've ever recorded remains available to everyone, and reproducing content we've already created would displace our new content, for which we often barely have enough time as it is. So from time to time, I'll take a moment, as I have here, to remind our listeners that back in the early days, we laid down many of the fundamentals of the way everything we're talking about today works, and it was done in a way that many people have found to be extremely accessible.
Also, another thing we often hear is that while our listeners enjoy the content today, they feel that there's much they don't understand. You know, they say, like, well, I understand maybe twenty percent of what you're talking about. We just mentioned that a week or two ago. It is true that I consciously build upon the foundation that we have laid down before, using what's come before as the only way it's possible for us to move forward.
So to those who feel that they've been tossed into the deep end of the pool by showing up here late, let me note that all of that knowledge that's missing and assumed was once covered in detail back in the earlier days of this podcast. Really. I mean, all of the stuff we talk about and sort of zip over when we're talking about something new, that's all been discussed in detail in the past. And it's all there, waiting and free for the asking for anyone who wants it.
At some point, I'd love to make a playlist, the foundational episodes that people should listen to. Yeah, but just for Ayiko Fred, there is a replacement for TrueCrypt. Steve talks about it in episode five eight two. You'll get there. VeraCrypt. And he talks about it in many other episodes.
And so it is, and I have a link to VeraCrypt in the show notes. Uh, V-E-R-A-C-R-Y-P-T dot F-R, veracrypt.fr.
I went over and took a look. And yep, I mean, it was updated a month or two ago. So it is being kept current, and it is platform agnostic. It'll work beautifully for Linux and encrypt your drive, just like TrueCrypt once would have. See, we've covered it all.
We've covered .
it all over the years, really we have. Well, Leo, how many thousands of hours?
Several at least.
Okay, Scott Gottfried wrote to share his powerful solution for accessing his network from home. But Leo, let's take a break, and then we're going to find out what Scott is using in order to get roaming access. And it's not something we've ever talked about. Oh, how fun, something new. Yeah.
Like Hamachi, or we've talked about a lot of different ways we would do it and stuff like that. Yeah.
You know Hamachi still exists, really. But yeah.
LogMeIn, LogMeIn
bought them. Yes, and so it's a commercial service, but it's still there.
And it was a great idea, using, what, five dot, right? Yeah. Well, I can't wait to hear what else there is out there.
But first a word from our fine sponsor, a name you know, I know you know: 1Password. You may be thinking, well, yeah, I know, they do a really good password manager. Well, this is a new product from 1Password that takes a password manager to the next step. It's called Extended Access Management.
And let me ask you a question, if you're in IT or run a business: do your employees, do your end users, always work on company-owned devices using IT-approved apps? Of course, they're the best, right? No, they don't. They bring their phone in, their laptop, watching their Plex server from home.
So how do you keep your company's data safe when it's sitting on all those unmanaged apps and all those unmanaged devices? 1Password's answer to that question: Extended Access Management. 1Password Extended Access Management helps you secure every sign-in for every app on every device, because it solves the problems traditional IAM, password management and MDM cannot touch.
Imagine your company's security like the quad of a college campus. You know, the nice brick paths leading through the greensward between the ivy-covered buildings. Those are the company-owned apps, IT-approved apps, company-owned devices, the managed employee. And then it's all nice, it's all peaceful.
But then, as on any college campus, there are the paths people actually use, the shortcuts worn through that beautiful green grass, that is actually the straight line from building A to building B. You know, want to go roundabout to get to Physics one-oh-one? You know about straight lines, right? Those are the unmanaged devices,
the shadow IT apps, the non-employee identities like contractors. If you've got employees, it's inevitable they're going to do their own thing. Problem is, most security tools only work on those happy little brick paths.
A lot of the security problems take place on the shortcuts. That's why you need 1Password Extended Access Management. It's the first security solution that brings all these unmanaged devices, apps and identities under your control.
And it ensures that every user credential is strong and protected, every device is known and healthy, every app is visible. It's security for the way we really work today, and it's now generally available to companies that use Okta or Microsoft Entra. It's also in beta for Google Workspace customers.
So good news. You can check it out right now at 1password.com/securitynow. This is really an exciting offering from 1Password. 1-P-A-S-S-W-O-R-D, right? 1password.com/securitynow.
We thank them so much for supporting Steve's important work here at Security Now. We thank you for supporting it by going to that site, so they know you saw it here. 1password.com/securitynow. Okay.
And we go more. Scott leaves to the end that everything he describes is all a free service provided by Cloudflare, which is really
interesting. You have a lot of free services.
Yeah. So I wanted to mention that up front, that it's free,
so that while I'm sharing what Scott wrote, everyone who might have a similar need will be taking it seriously and thinking, oh, this is interesting. So Scott said, hi Steve. Congrats on one thousand.
I've listened for all twenty years, every episode. Thank you. And Leo. He said, I've heard several questions from your listeners about how to access their home network while traveling: VPN, overlay network.
I had the same question. My primary requirement for accessing my home network was that I did not want to open any ports on my router. I researched solutions for several months until I happened upon a blog post at Cloudflare.
The solution for me is the Cloudflare Tunnel, and that's at www.cloudflare.com/products/tunnel, T-U-N-N-E-L. And he said, I run an old Intel NUC from inside my network that creates an outgoing tunnel to Cloudflare. The Cloudflare dashboard lets me add my own domains, has a firewall, provides authentication, and allows me to configure routing for my four internal home subnets.
He said, it's awesome. I run two separate photo sharing apps for the family. The apps run in Docker containers on the NUC, which has Linux and CasaOS, but the tunnel could run on a NAS or ZimaBoard. When travelling,
I use the Cloudflare WARP app on my laptop and connect to my home network. I can then RDP to my Windows NUC. I can access my Ubiquiti cams, and I can access my TrueNAS. Nothing on the home network is exposed to the internet. It all happens through the tunnel.
The family accesses my shared photo apps, Jellyfin and Piwigo, using a web browser pointed to my custom domain. I add authorized family member email addresses to the Cloudflare dashboard.
When a family member tries to log on to one of the apps, they just enter their email address. They're sent a PIN for access. All of that is handled by Cloudflare. It's a little bit of propeller beanie kind of stuff, but one could just start with a tunnel to access the home network without sharing apps and dealing with auth.
Oh, he says, I forgot to mention all of the stuff I use at Cloudflare is free. All caps, exclamation point. He said, I hope this might help anyone searching for this type of solution. Best, Scott. So thank you, Scott, for sharing that. It was news to me, so I went over to take a look.
Cloudflare's Tunnel page says, protect your web servers from direct attack. From the moment an application is deployed, developers and IT spend time locking it down: configuring ACLs, you know, access control lists, rotating IP addresses, and using clunky solutions like GRE tunnels. There is a simpler and more secure way to protect your applications and web servers from direct attacks. Cloudflare Tunnel ensures your server is safe no matter where it's running: public cloud, private cloud, Kubernetes cluster, or even a Mac mini under your TV.
So from Scott's description, it sounds like an extremely powerful and capable solution for a simple, safe remote connection to an internal network. It may be more than many of our listeners need, but I wanted to put it on everyone's radar, you know, because it really does sound like a power user's tool. You know, being able to set up authentication, have registered email addresses where someone is able to receive a PIN, provide that back and then automatically get access through the tunnel back to the network.
You know, there's a lot there. It does a lot. But anyway, it looks like a potentially very energy solution. At the same time, I got a note from Jeff Price, who also happened to write, thanks for the emails. They're very helpful, he said,
meaning, you know, the weekly Security Now preview of the podcast. He said, I have a medium-size network at home with a Synology NAS, dozens of IoT devices, et cetera. I've been using Tailscale for all remote connections. This means no open ports or port forwarding.
I also set up a system inside my home as an exit node, which means even when I am travelling, I could encrypt all of my traffic back to my home and then exit from there. In other words, anything he's doing while he's traveling believes he's still at home, which can be useful for, you know, access to streaming services and so forth that have specific geographic boundaries. He said, Tailscale has worked great, and it is much faster than OpenVPN.
So just another, you know, reminder that the overlay network solution is almost drop-in easy to use, and there are Tailscale and ZeroTier and, uh, there's also Nebula and Netmaker. There are clients for all of the various OSes that we're using and even for the various NASes.
So, you know, while it is probably far less flexible and capable, it's also sort of more of a homegrown solution than Cloudflare's tunnel. So, you know, your mileage may vary.
Pick the solution that seems best for you. Adam B has an intriguing problem. He said, hi Steve, I'm a long-time listener to the show.
I'm not sure how long, but I definitely remember when you used to alternate episodes between topics and news, and he means news and feedback. He says, I'm a proud SpinRite owner. And thanks to you and Leo getting me interested in HackerOne, I am a few hundred dollars better off, having found a couple of local privilege escalation vulnerabilities during some poking around on my weekends. That's very cool.
So he's a little bit of a white hat hacker helping people. He says, I have a question that I have not been able to find an answer to online, and I thought it might interest you and my fellow listeners. I'm a hobbyist malware analyst, clearly from basic experience, he shared, and he said, as part of that, I often run the samples in a network that's isolated from the internet just to see what happens. Sometimes the samples will try to communicate with a command and control server. Often the hard-coded C2 server is a fully qualified domain name, but sometimes it's a public IP address.
It can often be useful to pretend to be the command and control server just to see what the sample sends. When the C2 server is a fully qualified domain name, it's easy enough to use my own DNS server in the isolated network to answer the DNS request with an A record IP address of my choosing. Meaning that, right, so the malware says, hey, I need the IP address of badguys.ru, and because he's created an isolated network, he's got his own DNS server.
So the machine running the malware generates a DNS query to badguys.ru, and the DNS responds with, you know, 192.168.0.20 or something, which is a machine on that network. So that's where the malware attempts to connect to, which is his own server, so he can see what's going on. He said,
however, when the C2 server is a public IP address, this becomes more troublesome. I think I have two choices, he wrote. He said, one, patch the sample to change the IP address to one on the LAN.
Or two, somehow get my LAN to answer the ARP request with a MAC address of my choosing. He said, the problem with choice one is that this isn't practical at scale, meaning, you know, patching the malware in order to point it to something local. And I agree.
And he said, as you know, sometimes I like to run ten, twenty or fifty versions of the same malware family. He said, I don't want to have to manually patch fifty different samples. It also seems like the less satisfactory choice. The problem with choice two is that I simply can't figure out how to do it.
How can I configure my network so that if a sample makes a request for a public IP address, in other words, one that is not in the /24 of my LAN, the request is handled by my C2 server? The best answer I could find online was concerned with ARP poisoning, but this seemed very unreliable and likely to cause an unstable network. It feels like the answer will be something to do with the default gateway, but I can't figure it out.
I hope that makes sense. I would really appreciate your thoughts on the subject. A big thank you to you, Leo and the whole team. Kind regards, Adam.
Okay. What Adam wants to do can definitely be done in a highly robust fashion. It would be possible to manually add static routes to the routing table of the machine that's hosting the malware.
This would cause the traffic bound for that target IP to override the normal non-local default route, which would send the traffic out to the network gateway interface, and instead send it to another local network interface. But doing that is tricky and messy. The more straightforward solution, and it's really slick, would be to obtain a router that has some extra hardware interfaces.
That little Netgate SG-1100, which I'm using here, has an AUX network connection. You know, it's got WAN and LAN and AUX. And it's not a simple switch using the same network as the LAN.
It's a separate network interface, and that can be given its own LAN. Or, for example, one of those Protectli, P-R-O-T-E-C-T-L-I, Protectli Vault devices. I'm using one of those at my other location. Those are nice also, and Amazon has them for sale, or you can get them directly from Protectli. The idea is to have an extra physical network interface. You would use the router software, such as pfSense or OPNsense, to define another small LAN network for that extra interface, and instead of using one of the normal private networks like 192.168.something.something, or 10.something.something.something, you would create a network that includes the target IP of the command and control server. You then attach a machine, your command and control spoofing server.
You attach a machine to that interface and manually assign it the IP of the command and control server that the malware is looking for. Now, whenever the malware in the host machine addresses internet traffic to that remote public IP, your local router's routing table will see that the IP matches within that extra network and will send the traffic to it rather than out onto the public internet. So you wind up with a very straightforward, robust and easily adjusted and maintained solution. And yes, Dale Myers, okay, has a problem. I've forgotten how many breaks we've taken.
I thought there was something going on. We have one
more, so you could put that anywhere you want. Only one back. And before we get into what is AGI, yeah, thank you. Dale Myers has a problem no one should ever face. He said, Hi Steve.
I never thought when I started listening at 0001 that there would ever be a thousand and still counting Security Now podcasts. He said, I started at the beginning, right after Fred Langa suggested that your podcast might be worthwhile. He was right. At the time,
I was a volunteer in the IT department of a parochial school. The things I learned from Security Now led to important improvements in our system over the years. In those days, there were not so many listeners, and you took time to answer two of my questions submitted in the feedback dialogue box at the bottom of the Security Now page.
Now I have a new question that relates to using a password manager. He said, I've been doing a bit of traveling by air lately, and the last time I was in my travel agent's office, I decided to use some of the accumulated points. She said
she could not access my account without my password. There was a place for it on her screen, but I could not figure out how to get the password from there, or, to there from my password manager. Any thoughts? Signed, Dale Myers. Okay.
So my first thought was, huh? That's a really good question. How would you do that securely? And then I thought, I wonder why this isn't a problem we've heard about before. And then the question answered itself.
Since no one should ever have this problem, no one should ever be asked to give their password to someone else like a travel agent so that she could access their account. So no, it's not a bigger problem because it should never be required of anyone, ever. The whole thing, you know, seems like a fundamentally bad idea, but that doesn't help Dale, who apparently does have this problem,
even if everyone agrees he should never have this problem in the first place. Given that Dale has been listening since episode one, we know that his travel account is currently protected by a ridiculously gnarly, long, random and impossible to manually enter or even communicate password. So my advice would be not to even try. Briefly change your password to something ridiculously simple to type, which meets the travel system's password policies, but is otherwise minimal in every way.
You know, it's only going to be that way for a few minutes, so its security doesn't really matter. Once the travel points have been transferred, the account's password can either be restored to what it was before, or set to something new. Now, a workable alternative would be to just send the account's initial gnarly password via email or a text to the travel agent, let her log in, do whatever she needs, then change the account's password to something new and super secure once the points have been moved.
Now, having said that, I did get a piece of feedback from a listener about an incredibly cool-looking device. I've got it on the way to me because I wanted to understand it and be able to talk about it. It is a little dongle which has a USB port, and it is a Bluetooth keyboard dongle.
Meaning that what Dale could do if he had this, or if any of our listeners had this problem: Dale could have this with him, give it to the travel agent and have her plug it into her computer, you know, just any USB port. Now, very much like the original YubiKey, this thing looks like a USB keyboard. So then, there are Android and iOS and other apps for this thing.
So Dale would be able to send his password through this app. And it would type into the password field on the travel agent's computer, which is kind of a cool hack. Anyway, uh, I'll know more about it.
I'll have all the details in next week's podcast for anybody who wants to jump ahead. It was not cheap, it's thirty-seven dollars, and has been shipped from Poland as I recall. But still, I thought it was kind of a cool thing.
Chris C asked: A while back, you said something about a large company that was fined for not keeping Teams or Slack chat as required by federal law. Do you remember who this was and what the law was? So I replied to Chris, I vaguely recall that in passing, but I have no specific recollection.
And I said, GRC's on-site search in the upper right of every page can be used to search only the podcast transcripts, which are fully indexed, so you might be able to track down the reference that way. So that was my reply to Chris. I wanted to share this because I use GRC's search from time to time myself, in the same way, when I'm looking for something from our own past.
You've heard me casually mention that we talked about something, you know, whatever it was, back during podcast number whatever, I don't, you know. So I just don't want anyone to imagine for a second that I recalled that podcast, like Chris here. I did recall that it was something that was mentioned, but not what or when.
Since I get these sorts of questions often, like the one Chris asked, I just want to pass on to everyone: both the show notes and Elaine's precise transcripts are fully indexed, and that index can be easily searched using GRC's search box. And I checked a little bit later, Chris had replied. He responded, Thank you, exclamation point, I didn't know that was there. He said, I found it in SN number 959.
He said, Google did not help me, but the search engine on your site, powered by the same company, did. So again, we do have, essentially, podcast-specific search, which will allow anyone to find something that they think they recall that we talked about before, but can't remember exactly where or when. Uh, you're free to keep asking me, but you know, all I'll do is the same thing you could do, which is to use the little search box in the upper right of every page at GRC. And Leo, we are ready to talk about artificial general intelligence, whatever that is. Well, at least maybe we'll know what it is, even if we don't know when, about half an hour from now. But let's take our last break and then we'll plow into that.
I'm excited. I'm really excited. I'm ready to take notes. Our show today brought to you by those great folks at DeleteMe.
I have some direct experience with DeleteMe because we have been using it for our CEO for some time now. If you've ever searched for your name online, I don't actually recommend that you do this. But if you've done that, you know how much of your personal information is right there in public.
It's all data brokers. They've been collecting this stuff for years. Every app you use, it's not just TikTok, it's Facebook, it's Instagram.
Every site you visit, and they take all the information, they collate it and they make basically a dossier about you and your family, about everybody you know. Maintaining privacy is more than a personal concern, it's a family affair. That's why DeleteMe has introduced family plans, so you can have DeleteMe for everyone in the family. And I think they do have corporate plans as well.
I think that's what we use, because you really should have DeleteMe for every manager in your company. I've told the story before. Forgive me if you've heard it before, but we ran DeleteMe because Lisa, somehow bad guys figured out what her phone number was, what company she worked for, who her direct reports were and what their phone numbers were.
I wonder where they got that from, right? And as a result, they were able to do a spear phishing campaign purporting to be texts from Lisa's phone, the CEO's phone, saying, quick,
I need some Amazon gift cards. I'm in a meeting, get them and send them to this address. Fortunately, our employees are smarter than that, but she immediately told me we've got to do something to reduce the amount of information about our management online.
And that's when we went to DeleteMe. DeleteMe helps reduce risk from identity theft, from cybersecurity threats like that, from harassment, you know, from all of the things privacy violations can do. It is not a nice thing.
DeleteMe's experts know where the data is. They will find and remove your information from hundreds of data brokers. And by the way, if you get the family or the corporate plan, you can assign a data sheet for each member.
It's tailored to them so that you could say, well, don't delete the Instagram information, but do delete the Facebook, that kind of thing. Easy to use controls. So as an account manager, you can manage privacy settings for the whole family.
But this is important: once they've removed that data, they don't just then walk away. Because you could do that yourself. First of all, you'd need to know the hundreds of data brokers out there. But then you need to know as new ones come online, and they do every single day, it's a very profitable business. You need to know to go back, and that's what DeleteMe
does. They continue to scan and remove your information regularly from the existing data brokers, from all the new ones that pop up all the time. And I'm talking addresses, photos, emails, relatives, phone numbers, social media, property value, everything. It's all online. Data brokers have it all.
Until we get a comprehensive privacy law in this country protecting you, you've got to protect yourself and your family and your business. Reclaim your privacy by going to joindeleteme.com/twit. The offer code TWIT gets twenty percent off, which is a great deal.
joindeleteme.com/twit, and use the offer code TWIT for twenty percent off. And if you go to joindeleteme.com/twit, look at all the offerings. They have a very granular set of offerings that can really do the things you need to do to protect yourself online.
So I very much recommend looking at all that. It's really an amazing company. joindeleteme.com/twit. Thank you, DeleteMe. By the way, after the National Public Data broker breach, Steve, we searched for my name, right there, my Social, everything. But not Lisa's.
And I thought that's a pretty telling thing, that DeleteMe really worked. joindeleteme.com/twit. Thank you, DeleteMe. All right, I've been dying to hear this.
Steve Gibson on AGI. Well, okay, Steve, and surveying a bunch of people's feelings about AGI, I want to know what you think too.
though I think you're probably .
give us some idea. Yeah, I do have some feeling. So, okay. Um, I should note that I already have everything I need thanks to today's ChatGPT 4o, and it has changed my life for the better. I've been using it increasingly as a timesaver, sort of in the form of a programming language super search engine and even a syntax checker. Um, I've used it sort of as a crutch when I need to quickly write some throwaway code in a language like PHP, where I do not have expertise but I want to get something done quickly. I just, you know, I'd like to solve a quick problem, you know, parse a text file in a certain way into a different format, that sort of thing.
Um, in the past I would take, you know, if it was a somewhat bigger project than that, an hour to put queries into Google, following links to programmers' corner, Stack Overflow or other similar sites, and I would piece together the language construction that I needed from other similar bits of code that I would find online. Or, um, if I was unable to find anything useful, like, you know, to solve the problem, I would then dig deeper through the language's actual reference texts to find the usage and the syntax that I needed and then build up from that, you know, because, you know, after you've programmed a bunch of languages, they're all sort of the same, largely. I mean, Lisp is a different animal entirely, as is APL.
But the procedural languages, it's just a matter of, like, okay, what do I use for inequality? What do I use for, you know, how exactly are the looping constructs built, that kind of thing.
Um, that's no longer what I do, because I now have access to what I consider a super programming language search engine. Now I ask the experimental coding version of ChatGPT for whatever it is I need. I don't ask it to provide the complete program, since that's really not what I want.
You know, I love coding in any language, because I love puzzles and puzzles are language agnostic. But I do not equally know the details of every other language there. There's nothing ChatGPT can tell me about programming assembly language that I have not already known for decades, but if I want to write a quick throwaway utility program, like in Visual Basic .NET, a language that I spend very little time with
because I like to write in assembly language, but I need to, for example, quickly implement an associative array, as I did last week, rather than poking around the internet or scanning through the Visual Basic syntax to find what I'm looking for, I'll now just pose the question to ChatGPT. I'll ask it very specifically and carefully for what I want, and in about two seconds I'll get what I may have previously
spent thirty to sixty minutes sussing out online. It has transformed my working path for that class of problem that I've traditionally had. It's useful whenever I need some details where I do not have expertise, is I think the way I would put it. And I've seen plenty of criticism levied by other programmers of the code produced by today's AI.
To me, it seems misplaced. That is, their criticism seems misplaced. And maybe just a bit nervous, and maybe they're also asking the wrong question. I don't ask ChatGPT for a finished product because I know exactly what I want, and I'm not even sure I could specify the finished product in words, or that that's what it's really good for. So I ask it just for specific bits and pieces, and I have to report that the results have been fantastic.
I mean, it is literally, it's the way I will now code in languages I don't know, I think is probably the best way to put it. It is, no, it's interesting. The internet and, you know, obviously we have to use the term "knowing" them very advisedly. It doesn't know them, but whatever it is, I am able to, like, ask it a question and I actually get, like, really good answers to tight problem domain questions.
Okay. But what I want to explore today is what lies beyond what we have today, what the challenges are and what predictions are being made about how and when we may get more, whatever that more is. You know, the "there" where we want to get is generically known as artificial general intelligence, which is abbreviated AGI.
Okay, so let's start by looking at how Wikipedia defines this goal. Wikipedia says artificial general intelligence is a type of artificial intelligence that matches or surpasses human cognitive capabilities across a wide range of cognitive tasks. This contrasts with narrow AI, which is limited to specific tasks.
Artificial superintelligence, ASI, on the other hand, refers to AGI that greatly exceeds human cognitive capabilities. AGI is considered one of the definitions of strong AI.
They say creating AGI is a primary goal of AI research and of companies such as OpenAI and Meta. A 2020 survey identified 72 active AGI research and development projects across 37 countries. The timeline for achieving AGI remains a subject of ongoing debate among researchers and experts. As of 2023,
some argue that it may be possible in years or decades. Others maintain it might take a century or longer, and a minority believe it may never be achieved. Notable AI researcher Geoffrey Hinton has expressed concerns about the rapid progress toward AGI, suggesting that it could be achieved sooner than many expect.
There's debate on the exact definition of AGI and regarding whether modern large language models, LLMs, such as GPT-4, are early forms of AGI. Contention exists over whether AGI represents an existential risk. Many experts on AI have stated that mitigating the risk of human extinction posed by AGI should be a global priority. Others find the development of AGI to be too remote to present such a risk.
AGI is also known as strong AI, full AI, human-level AI or general intelligent action. However, some academic sources reserve the term strong AI for computer programs that experience sentience or consciousness. In contrast, weak AI or narrow AI is able to solve one specific problem, but lacks general cognitive abilities.
Some academic sources use weak AI as the term to refer more broadly to any programs that neither experience consciousness nor have a mind in the same sense as humans. Related concepts include artificial superintelligence and transformative AI. An artificial superintelligence is a hypothetical type of AGI that is much more generally intelligent than humans, while the notion of transformative AI relates to AI having a large impact on society, thus transforming it,
for example, similar to the agricultural or industrial revolutions. A framework for classifying AGI levels was proposed in 2023 by Google DeepMind researchers. They define five levels of AGI: emerging, competent, expert, virtuoso and superhuman. For example, a competent AGI is defined as an AI that outperforms fifty percent of skilled adults in a wide range of non-physical tasks. And a superhuman AGI, in other words, an artificial superintelligence, is similarly defined, but with a threshold of one hundred percent. They consider large language models like ChatGPT or LLaMA 2 to be instances of the first level, emerging AGI.
Okay, so we're getting some useful language and terminology for talking about these things. The article that caught my eye last week as we were celebrating the thousandth episode of this podcast was posted on Perplexity AI, titled "Altman predicts AGI by 2025." The Perplexity piece turned out not to have much meat, but it did offer the kernel of some interesting thoughts and some additional terminology and talking points.
So I want to share it. Perplexity wrote: OpenAI CEO Sam Altman has stirred the tech community with his prediction that artificial general intelligence, AGI, could be realized by 2025, a timeline that contrasts sharply with many experts who foresee AGI's arrival much later. Despite skepticism, Altman asserts that OpenAI is on track to achieve this ambitious goal, emphasizing ongoing achievements and substantial funding, while also suggesting that the initial societal impact of AGI might be minimal. In a Y Combinator interview, Altman expressed excitement about the potential developments in AGI for the coming year.
However, he also made a surprising claim that the advent of AGI would have surprisingly little impact on society, at least initially. This statement has sparked debate among AI experts and enthusiasts, given the potentially transformative nature of AGI. And Altman's optimistic timeline stands in stark contrast to many other experts in the field, who typically project AGI development to occur much later, around 2050. Despite the skepticism, Altman maintains that OpenAI is actively pursuing this ambitious goal, even suggesting that it might be possible to achieve AGI with current hardware.
This confidence, coupled with OpenAI's recent $6.6 billion funding round and its market valuation exceeding $157 billion, underscores the company's commitment to pushing the boundary of AI technology. Achieving artificial general intelligence faces several significant technical challenges that extend beyond current AI capabilities. So here we have four bullet points that outline what AGI needs that there is no sign of today.
First, common sense reasoning. AGI systems must develop intuitive understanding of the world, including implicit knowledge and unspoken rules, to navigate complex social situations and make everyday judgments. Number two, context awareness. AGI needs to dynamically adjust behavior and interpretations based on situational factors, environment and prior experiences.
Third, handling uncertainty. AGI must interpret incomplete or ambiguous data, draw inferences from limited information, and make sound decisions in the face of the unknown. And fourth, continual learning. Developing AGI systems that can update their knowledge and capabilities over time without losing previously acquired skills remains a significant challenge.
So one thing that occurs to me as I read those four points, reasoning, contextual awareness, uncertainty and learning, is that none of the AIs I've ever interacted with has ever asked for any clarification about what I'm asking. That's not something that appears to be wired into the current generation of AI. I'm sure it could be simulated if it would further raise the stock price of the company doing it, but it wouldn't really matter, right? Because it would be a faked question, like that very old Eliza pseudo-therapist program from the seventies.
You know, you would type into it, I'm feeling sort of cranky today. And it would reply, why do you think you're feeling sort of cranky today? It wasn't really asking a question. It was just programmed to seem like it
was, you know, understanding what we were typing in. The point I hope to make is that there's a hollowness to today's AI. You know, it's truly an amazing search engine technology, but it doesn't seem to be much more than that. To me, there's no presence or understanding behind its answers.
The Perplexity article continues, saying overcoming these hurdles requires advancements in areas such as neural network architectures, reinforcement learning and transfer learning. Additionally, AGI development demands substantial computational resources and interdisciplinary collaboration among experts in computer science, neuroscience and cognitive psychology. While some AI leaders like Sam Altman predict AGI by 2025, many experts remain skeptical of such an accelerated timeline. A 2022 survey of 352
AI experts found that the median estimate for AGI development was around 2060, also known as Security Now episode 2,860. Um, ninety percent of the 352 experts surveyed expect to see AGI within one hundred years. Ninety percent expected it not to take longer than one hundred years, but the median is by 2060. So no, not next year, as Sam suggests. They wrote:
This more conservative outlook stems from several key challenges. First, the missing ingredient problem. Some researchers argue that current AI systems, while impressive, lack fundamental components necessary for general intelligence.
Statistical learning alone may not be sufficient to achieve AGI. Again, the missing ingredient problem, I think that sounds exactly right. Also, training limitations: creating virtual environments complex enough to train an AGI system to navigate the real world, including human deception, presents significant hurdles. And third, scaling challenges. Despite advancements in large language models, some reports suggest diminishing returns in improvement rates between generations.
These factors contribute to a more cautious view among many AI researchers, who believe AGI development will likely take decades rather than years to achieve. OpenAI has recently achieved significant milestones in both technological advancement and financial growth. The company successfully closed, and here they're saying again, a massive $6.6 billion funding round, valuing it at $157 billion.
But you know, who cares? That's just, you know, Sam is a good salesman. They said this round attracted investments from major players like Microsoft, Nvidia and SoftBank. The tech industry's confidence in OpenAI's potential. The company's flagship product, ChatGPT, has seen exponential growth, now boasting over two hundred and fifty million weekly active users, and you can count me among them.
OpenAI has also made substantial inroads into the corporate sector, with ninety-two percent of Fortune 500 companies reportedly using its technologies. Despite these successes, OpenAI faces challenges including high operational costs and the need for extensive computing power. The company is projected to incur losses of about five billion dollars this year, primarily due to the expenses associated with training and operating its large language models. So when I was thinking about this idea of, you know, we're just going to throw all this money at it and it's gonna lay the problem and, oh look, you know, the solution is gonna be
next year, the analogy that hit me was curing cancer, because there sort of is an example of, you know, oh look, we just, we had a breakthrough and this is going to, you know, cure cancer. It's like, no, we don't really understand enough yet about human biology to say that we're going to do that. And I know that the current administration has been in all these cancer moonshots, and it's like, okay, have you actually talked to any biologists about this? Or do you just think that you can pour money on it and it's going to do the job? So that's not always the case.
So to me, this notion of the missing ingredient is the most salient of all of this. It's like, what we may have today has become very good at doing what it does. But it may not be extendable. It may never be what we need for AGI. But I think that what I've shared so far gives a bit of calibration about where we are and what the goals of AGI are.
Um, I found a piece also in InformationWeek where the author did a bunch of interviewing and quoting of people that I just, I want to share just to finish this topic off. It was titled "Artificial General Intelligence in 2025: Good Luck With That," and it had the teaser: AI experts have said it would likely be 2050 before AGI hits the market. OpenAI CEO Sam Altman says 2025, but it's a very difficult problem to solve. So they wrote: A few years ago AI experts were predicting that artificial general intelligence would become a reality by 2050. OpenAI has been pushing the art of the possible along with big tech, but despite Sam Altman's estimate of 2025, realizing AGI is unlikely soon. HP Newquist, author of The Brain Makers and executive director of The Relayer Group, a consulting firm that tracks the development of practical AI, said, we can't presume that we're close to AGI because we really don't understand current AI, which is a far cry from the dreamed-of AGI.
We don't know how current AIs arrive at their conclusions, nor can current AIs even explain to us the processes by which that happens. That's a huge gap that needs to be closed before we can start creating an AI that can do what every human can do. And a hallmark of human thinking, which AGI will attempt to replicate, is being able to explain the rationale for coming up with a solution to a problem or an answer to a question.
We're still trying to keep existing large language models from hallucinating, unquote. And I'll just interrupt to say that I think this is the crucial point. Earlier I described ChatGPT as being a really amazingly powerful internet search engine. Partly that's because that's what I've been using it to replicate, um, for my own needs. As I said, it's been a miraculous replacement for a bunch of searching I would otherwise need to do myself.
My point is, this entire current large language model approach may never be more than that. This could be a dead end, you know. If so, it's a super useful dead end. But it might not be the road to AGI at all.
It might never amount to be more than a super spiffy search engine. The InformationWeek article continues: OpenAI is currently alpha testing advanced voice mode, which is designed to sound human, such as pausing occasionally when one speaks to draw breath.
It can also detect emotion and non-verbal cues. This advancement will help AI seem more human-like, which is important, but there's more work to do. And frankly, that's where we begin to get into the category of party tricks, in my opinion. Like, you know, making it seem like more than it is, but it still isn't. Edward Tian, CEO of ZeroGPT, which detects generative AI use in text, also believes the realization of AGI will take time.
In an email interview with the article's author, Edward said, quote, the idea behind artificial general intelligence is creating the most human-like AI possible, a type of AI that can teach itself and essentially operate in an autonomous manner. So one of the most obvious challenges is creating AI in a way that allows the developers to be able to take their hands off eventually, as the goal is for it to operate on its own. Technology, no matter how advanced, cannot be human. So the challenge is trying to develop it to be as human as possible.
That also leads to ethical dilemmas regarding oversight. There are certainly a lot of people out there who are concerned about AI having too much autonomy and control, and those concerns are valid. How do the developers make AGI while also being able to limit its abilities when necessary? Because of all these questions and the limited capabilities and regulations at the present, I do not believe that 2025 is realistic. Current AI, which is artificial narrow intelligence, ANI, performs a specific task well, but it cannot generalize that knowledge to suit a different use case.
Max Li, the CEO of the decentralized AI data provider OORT and an adjunct associate professor in the department of electrical engineering at Columbia University, said, quote, given how long it took to build current AI models, which suffer from incessant, sorry, from inconsistent outputs, flawed data sources and unexplainable biases, it would likely make sense to perfect what already exists, rather than start working on even more complex models. In academia, for many components of AGI, we do not even know why it works, nor why it does not work. Unquote.
To achieve AGI, a system needs to do more than just produce outputs and engage in conversation, which means that LLMs alone won't be enough, Alex Jaimes, chief AI officer at the AI company Dataminr, said in an email interview. Quote, it should also be able to continuously learn, forget, make judgments that consider others, including the environment in which the judgments are made, and a lot more.
From that perspective, we're still very far. It's hard to imagine AGI that doesn't include social intelligence, and current AI systems don't have any social capabilities, such as understanding how their behavior impacts others, cultural and social norms, et cetera. Unquote. Sergey Kastukevich, the deputy CTO
at the gambling software company SOFTSWISS, said, quote, to get to AGI, we need advanced learning algorithms that can generalize and learn autonomously, integrated systems that combine various AI disciplines, massive computational power, diverse data and a lot of interdisciplinary collaboration. For example, current AI models, like those used in autonomous vehicles, require enormous data sets and computational power just to handle driving in specific conditions, let alone achieve general intelligence.
Unquote LLM s are based on complex transformer models. While they are incredibly powerful and even have some emergent intelligence, the transformer is retrained and does not learn in real time. For agi, there will need to be some breakthrough with A I models.
They will need to be able to generalize about situations without having to be trained on a particular scenario. A system will also need to do this in real time, just like a human can when they intuitively understand something. In addition, agi capabilities may need a new hardware architecture such as quantum computing, since GPU will probably not be sufficient.
Note that sam altman has specifically disputed this and said that current hardware will be sufficient. In addition, the hardware architecture will need to be much more energy efficient and not require massive data centers. L L, are beginning to do causal inference and will eventually be able to reason theyll also have Better problem solving and cognitive capabilities based on the ability do injust data from multiple sources. So okay, what's interesting is the degree of agreement that we see among separate experts. You know they're probably all reading the same material.
So there is some degree of convergence in their thinking. But, you know, Altman is an outlier, um, and it seems to me as though these people know what they're talking about from the things they've said. Um, perhaps, you know, maybe Sam has already seen things in the lab at OpenAI that no one else in the outside world has seen, because that's what it would take for Sam to not be guilty of overhyping and over-promoting his company's near-term future. Now, I put a picture in the show notes. You had it on the screen there a second ago, Leo. That is not a mockup, that is not a simulation.
This is an actual image of a tiny piece of cerebral tissue. Those are neurons and axons and dendrites. The coloration was added, but that is actual human brain tissue in that photo in the show notes. Um, I'm especially intrigued by the comments from the top academic AI researchers in the world who admitted to this day no one actually understands how large language models produce what they do.
Given that, I'm skeptical that just more of the same will result in the sort of qualitative advancement that AGI would require, which is certainly not just more of the same. When I said in the past that I see no reason why a true artificial intellect could not eventually be created, I certainly did not mean next year. I meant some day. I meant that I believe that a biological brain may only be one way to create intelligence.
One thing I've acquired during my research into the biology of the human brain is a deep appreciation for the astonishing complexity, I mean, astonishing, of the biological computing engine that is us. The number of individual computing neurons in the human brain is ten to the eleven. Okay? So that's one hundred billion, one hundred billion individual neurons.
A billion neurons, one hundred times over. So consider that: a billion neurons, a hundred times. And not only are these individual neurons very richly interconnected, typically having connections to twenty thousand others, each individual neuron is all, by itself, individually, astonishingly complex in its behavior and operation.
They are far from being simple, integrative binary triggers like, you know, we learned in elementary school, and we have one hundred billion of these little buggers in our heads. So perhaps Sam is going to surprise the rest of the world next year. We'll see.
Color me skeptical but not disappointed. As I said, I'm quite happy to have discovered the wonderful language-accessible internet digest that ChatGPT is. You know, that's more than a simple parlor trick.
It's a big deal and it's, I think, kind of magic. But I suspect that all it is, is what it is. And for me, that's enough. For now, I'd wager that we have a long ways to wait before we get more.
What, how would you know if something is an AGI? That's one of the things that's bothered me. The Turing test is not real. There's a Chinese room test that may be a little better. I think there's really no way to judge an AGI.
No, no. I mean, it would... Well, another perfect example is chess. Once upon a time, you could have easily said, well, humans are, like, you know, humans can play chess, no machine can play chess, right? Right.
I mean, that was something people were saying for a long time. Right. Now the computers have blown past us. So, um, and for me, and I know that you've also used constrained-domain large language models, where you have trained by dumping a whole bunch of Lisp textbooks into it and then been able to ask questions. You know, this is a fantastic technology that we have.
I think it is, it's very much in the same way that, like, the solution we have for cancer is by using, uh, chemotherapy to limit growth of our whole body, because cancer cells are a problem because they're able to reproduce at such a high rate. I mean, it's like we haven't even begun to start an actual cure. Uh, we just have sort of mitigation that is able to push people into remission. So my feeling is that I agree with the experts who suggest that what we see today we should regard as nothing more than what it is. And there's no reason to believe that we're going to get some sort of transformation just by getting more of the same.
Yeah, I also think that looking for an AGI is maybe not really the sensible end goal, that machines could be as useful as an AGI or as powerful as an AGI without actually being a general intelligence. I don't know if that's a reasonable thing to be measuring. Well, it is
certainly the case that if we had something where people could describe casually exactly how they wanted a computer program to operate, and actually, like, got a functioning,
error free,
bug free, yes, thing, that would be transformative for the world of coding. And I would not be surprised, yes, I would not be surprised if we don't have something like that before long.
I asked one of my favorite AIs, Perplexity AI, which is an internet search engine. You should give it a try. And that's how you seem to like using AI.
So I asked, is there a test for AGI? Imagine a Turing test, some other tests, but then imagine some casual tests, like the coffee test. An AI enters an average American home and figures out how to make coffee.
You know what? If a robot could do that, it may not be AGI, but boy, that's impressive. Or could go to college: enrolls in a university, obtains a degree, passing the same classes as humans.
I think we might be close to that. The IKEA test: an AI controls the robot to assemble flat-pack furniture correctly after viewing parts and instructions. Many humans can do that.
So that would be an interesting test as well. I just, I think that those are obviously kind of silly, but that points out there is no kind of accepted definition for what AGI is. And there are many different ways.
Just as with humans, there are many ways to be intelligent. I think there are many ways for a machine to be usefully intelligent. If the machine could come in my house and make coffee without any advance knowledge about that, except kind of maybe a basic, basic idea of what coffee is and how to make it, I'd be impressed. I think that would be useful, may not be AGI, but would be pretty cool. And yeah.
There was a time in our life when we were growing up, there was a game called Nim.
Nim.
And there was a way to set up, um, a computer using matchboxes and matchsticks, where you basically, this thing was like a very early combinatorial computer, and by iterating on this, you were training it to make the right decisions over time about how many sticks to take away when a certain number of matchsticks remained. I mean, this is the kind of thing that fascinated me as a kid. I was climbing stairs on the outside of the banister. I was.
But that's combinatorial math. And you can easily see how it would be simple to program something. I have a kind of a famous book, this book, it turns out, by Peter Norvig, called Paradigms of Artificial Intelligence Programming.
And it talks about some of the, this is an early book, I think thirty or forty years old now, it's in the public domain, is settled. But he talks about some of the early attempts to do what he called the GPS, a general problem solving machine. And it's basically that, it's a combinatorial thing.
I'll try this and then this and then this, and that doesn't work, right? Backtrack and try this and this. And you can see how you could solve chess that way, given a fast enough machine, or even Go, which is a lot more difficult to play than chess, or protein folding, a lot of things. Those are useful tools. Maybe not intelligent, but we don't even know what human intelligence is, so I
don't know how... Yeah, and I think you're right when you mention protein folding. There are many people who are expecting that what we have now or could have in a year or two could, you know, dramatically change healthcare by, like, looking at mass amounts of data and pulling associations and relationships out of that, that we don't see, right? Because it just has a scope that we don't have.
And that's really more a question, and that has something to do more with capacity. The amount of data you can store, which is so much faster than a human mind, the amount of speed with which you can process it, again faster than a human, that doesn't make it intelligent, that just makes you faster and bigger and better than, in some ways. I think it's a fascinating subject.
I mean, we probably feel the same way, as science fiction fans. I think we both would love to see AGI in our lifetime. Be fun to talk to an alien intelligence that we created.
It would certainly be the case that creating a conversation would be a next step, or if you actually got a sense of there being something there. I know I get no sense that there is anything other than, and it's clearly, it refers to itself in the first person. You know, it's like, "Let me know if there's anything more I can do for you." So they're like, you know, they gave it a bunch of sugar coating that is designed to make us think, like, you know, like we're talking to an entity. It's not an entity. Even the word
hallucination really is an inappropriate anthropomorphization of what's really going on.
Yeah, calling it a mistake.
Mistake.
A mistake.
It's an error. Steve, as always, fascinating show, great information, lots of food for thought. We just got an email from a prisoner who listens to the show. He's allowed to listen to the podcast in the library, but he can't read the show notes because he does not have access to the internet, and he said, could you print out the show notes and mail them to me? And I think we will. I think they should allow that. Talk about rehabilitation.
Start listening to this show, by the time you get to episode one thousand two, you're going to be pretty smart about this computer stuff. You'll have a career when you get out. Thank you.
Well, you might. Well, I'm glad you listen to the show, and I hope you keep listening. A special thanks to our club, to Club TWiT members, who make this possible with their seven dollars a month.
That's all it is. That's the lowest price of any podcast network for all the shows we do, for all the content we do, for access to the ad-free versions of the shows, specials we put on, like our photo specials or coffee specials, coding. There's all sorts of stuff going on, crafting, in the club. I think that's a pretty good deal for seven bucks.
And it really makes a difference to our bottom line. If you have not yet joined, please go to twit.tv/clubtwit. Two weeks free. You can see what it's like. And if you refer somebody, you'll get a link when you sign up.
If you use that link, put it on your social and refer somebody, you will get a free month for everybody who joins, which means you could possibly, if you have enough friends, never pay for Club TWiT at all. twit.tv/clubtwit. Spread the word. And for our existing members, we thank you so much. We do this show every Tuesday, right after MacBreak Weekly, that ends up being about 1:30 to 2 pm Pacific, let's say 5 pm Eastern, 2200 UTC.
I mention when we do it because we stream it. Again, thanks to the club members, we're able to stream this live on eight, I have to put up the fingers because I lose track, eight different platforms.
There's the Club TWiT Discord. There's TikTok, there's X.com, Twitch, YouTube, LinkedIn, Kick. And I left out some, Facebook.
Did I get LinkedIn? One of them. Lots of places. You know, if you go to twit.tv/live, you'll see a list of all of them.
Watch live if you want. But I highly encourage you to get a copy of the show. Now, you can get it from Steve if you want. We certainly encourage you to do that.
GRC.com. He has a couple of unique versions on his website, the sixteen kilobit audio version, which is a little scratchy, but it's small. It's small, small but scratchy. I know people like that.
He also has the sixty-four kilobit audio, less scratchy, sounds a lot better, but yeah, it's five times bigger, four times bigger. He also has the transcripts, which are great.
We mentioned those earlier. Elaine Farris does those. She does a wonderful job. They're great for searching, or I think people like to read along. In fact, somebody had a tip.
I saw that. Listen at double speed and then read along with it. You'll understand it all completely, but you'll get it done in half the time. Is that not a clever idea?
Try it. It's like having subtitles. Yes. Yeah, exactly. Subtitles for the show.
And really good ones, right? Not computer generated. GRC.com. While you're there, take a look at SpinRite. 6.1 is the current version of the world's best mass storage maintenance, performance enhancing and recovery utility. If you have mass storage, you need SpinRite.
Get a copy right now.
It's Steve's bread and butter. But soon something else is coming along. I will be paying for that pro version of the DNS Benchmark, and that's, I can't wait to see that. I keep that on all the time. Lots of other stuff there for free, including wheels up.
GRC.com.
Somebody was saying, if he emailed, said, Steve, just publish his email, I would send it to them. Do not send me email for Steve. Send it to Steve. Here's how: go to GRC.com/email. Enter your email address, excuse me, optionally sign up for the newsletters, but that's something you don't have to, but he will validate your email address, and then you can
send email to securitynow@grc.com.
You just send it. It's amazing, that's new actually, and it's a really good solid solution to Steve's email problems. So again, GRC.com/email. We have the show on our website, twit.tv/sn.
When you're there, you'll see a link to the YouTube channel. Great way to share little clips. Please do that.
People don't listen to Security Now, shit. Send them some useful stuff. Say, you're missing a great show. Um, you should be listening. That helps us a lot.
So GRC, I'm sorry, twit.tv/sn, there's a YouTube link there and there's also, of course, best way to listen, subscribe in your favorite podcast player. You'll get it automatically. There's audio and video and, you know, then you don't have to ever worry about it. You'll have a Security Now in your inbox suitable for listening at any time. Steve, have a great week. I'm about a third of the way through Peter
F. Hamilton's Exodus. It's dragging a little bit. I am at three quarters and it's like, okay.
I was afraid of that. Yeah, so far I have to say, a third of the
way in, it's gripping. Well, so inventive. It is definitely that. See what you think when you get to seventy-five percent. I'm talk, it's like, okay, well, no, it's a lot of work. You really get what that in your science fiction no.
You've got to what they call the slog. Yeah, the slog is never fun. We got the slog with
that one with the alcohol slag, and then the other were last. Whatever that I don't, I didn't remember that all the kids on that planet, they were running around and know what happened is okay, Peter.
It's hard to write a thousand page novel and keep it going all the time.
Yeah. Well, what we still love.
We do. Thank you, Mr. Gibson, and have a great week. See you next week.