SN 1001: Artificial General Intelligence (AGI) - Gmail Temp Addresses, Russia's Internet Off Switch

2024/11/20
Security Now (Video)

People
Leo Laporte
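Well-known technology broadcaster and media personality who founded the TWiT network and promotes technology education and security awareness.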
Steve Gibson
Cybersecurity expert and entrepreneur who created several influential security tools and podcasts.
Topics
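Leo Laporte believes Sam Altman's AGI prediction may be more of a business strategy than an objective assessment of technical progress. He notes that although AGI development has strong momentum, many uncertainties remain, which makes it hard to predict accurately when it will arrive. Steve Gibson is cautiously optimistic about the development of AGI. He believes that current AI technology, such as large language models, performs well on specific tasks but is still a long way from true AGI. He emphasizes the capabilities AGI requires, such as common-sense reasoning, contextual awareness, handling uncertainty and continual learning, which current AI systems lack. He also points out that progress in current AI technology may not translate directly into AGI, and that AGI may require breakthrough technical innovation. Steve Gibson explores the technical challenges of AGI in depth, noting that current AI systems lack components necessary for general intelligence and that statistical learning alone may not be enough to achieve AGI. He also analyzes training limitations and scaling challenges, arguing that there are huge obstacles to training AGI systems in virtual environments to cope with real-world complexity, including human deception. In addition, the rate of improvement between generations of large language models may be showing diminishing returns, which further increases the difficulty of achieving AGI. He also stresses how vague the definition and measurement criteria for AGI are, noting that there is currently no accepted test for determining whether a system has reached AGI. He believes that achieving AGI may take decades or even longer, rather than arriving in the short term as Sam Altman predicts.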

Chapters
The episode begins with a discussion on Artificial General Intelligence (AGI), its definition, and the current state of AI technology. The hosts explore the differences between AGI, narrow AI, and artificial superintelligence, and discuss the challenges and predictions surrounding AGI development.
  • AGI is defined as AI that matches or surpasses human cognitive capabilities across a wide range of tasks.
  • Current AI systems, like ChatGPT, are examples of narrow AI, which is limited to specific tasks.
  • The timeline for achieving AGI is highly debated, with some experts predicting it could be achieved by 2025, while others believe it may take decades or longer.

Transcript

It's time for Security Now. Steve Gibson is here. He says there's not a lot of news, so we're going to do a lot of questions from the audience, feedback and so forth. And then Steve will explain his understanding of what is going on with AI, the search for artificial general intelligence and how close we are coming. I think you'll like this episode. Security Now is next.

Podcasts you love from people you trust.

This is TWiT. This is Security Now with Steve Gibson, episode one thousand one, recorded Tuesday, November nineteenth, twenty twenty four: Artificial General Intelligence.

It's time for Security Now, the show where we cover your security, privacy, safety, how computers work. What's so intelligent about artificial intelligence? All that with the most intelligent guy I know, this cat right here, Mr. Steve Gibson.

I am not that, Leo.

You're not that?

No, I'm what we call a domain expert. Yes, some expertise in a couple places.

But when it comes to Sudoku, you're just like the rest of us.

And when it comes to artificial intelligence, I'm claiming no expertise. What I wanted to talk about, as I said last week, is artificial general intelligence, AGI. Everyone is throwing the term around, we're hearing people talking about it. What caught my attention was when Sam Altman, the infamous and famous CEO of OpenAI, claimed, oh yeah, we'll have that next day, next year, any day. He said twenty twenty five. Yeah. And it's like, what?

But he's kind of a salesman as well.

Yes, maybe this was just a stock price boost ploy, but I wanted to take some time. I found a couple of interesting articles with a lot of other people in the industry interviewed and some academics interviewed. And I thought, let's... So today, no one's going to find out some great revelation about AGI, as I don't have it, but you know, it's clearly a thing, and I just thought we should kind of put a marker down and say, okay, here's where it is.

So you've done that before. You did it with blockchain. It's very frequent that you are able to, because that's how you work, digest all this stuff. You're kind of our retrieval augmented generation.

You digest all this stuff and give it back to us so we understand. So I very much look forward to this episode.

Well, and most of the time, if I spend some time, you know, digging in, then that would be interesting. But we've got a bunch of stuff to talk about. We're going to look at, oh, this is a great story, how Microsoft lured the U.S. government into a far deeper and expensive dependency upon its own proprietary cybersecurity solutions than the Biden administration expected. Also, Gmail will be offering native throwaway email aliases, much like Apple and Mozilla. We'll touch on that.

Oh my god, and Russia. Well, they're banning additional hosting companies. They're going to give their big internet cutoff switch another trial next month, and some other things we'll be able to talk about. Oh, and they used a diabolical Windows flaw to attack Ukrainians.

It was found by a security group. And boy, when our old-timers find out that something we assumed was safe might not be safe to do, it's gonna raise some hair. Also, we're going to look at, oh, I have a note from a listener about the value of old Security Now episodes.

We're going to touch on TrueCrypt's successor, also using Cloudflare's Tunnel service for remote network access. Another of our listeners said, this is what I'm doing. So we're going to share that. Also answer the question about how to make a local server appear to be on a remote public IP, which in this case is coming in handy for pretending to be a remote command and control server when testing malware. Also how to share an impossible-to-type password with someone else.

Oh, and another listener asked, and I answered, and then he confirmed, about finding obscure previous references in the Security Now podcast. So that, and then we're gonna dig into this whole question of what is artificial general intelligence, and how is what we have today failing that, what are the recognized and widely agreed upon characteristics that it has to have, and when might we get some? So I think a great podcast.

There was not, as you could tell, a huge amount of news. I looked everywhere for good stuff. But boy, I added it up. I think I have forty, three hundred, some, some not, plus some inbound pieces of email from my listeners.

Oh, so like since began, I'm not starving at all for listener feedback. And you know, I think it's fun. Actually, changing this from Twitter to email completely changed the feel of the feedback, since it no longer needs to fit into two hundred eighty characters.

And so a lot more. And a great podcast. Oh, and Leo, we are starting in on our second thousand. This is podcast number one thousand and one.

I had really thought of a second thousand.

right in the perspective.

everything. Okay.

Okay. Well, you and I are going to work on it. We're going to do our best. That's all we can promise. I just look different than I did twenty years ago.

But you look about the same.

Do you? You've got your hair, still nice. Silver.

The better. I love it. Our show today is brought to you by, I'm very happy to say, BigID. This is a really, really interesting company. They're a leading data security posture management solution. Sometimes they call it DSPM.

BigID is the first and only DSPM solution to uncover dark data, to identify and manage risk, to remediate the way you want, and to scale your data security strategy through unmatched data source coverage. BigID seamlessly integrates with your existing tech stack and allows you to coordinate security and remediation workflows. You can take action on data risks, annotate, delete, quarantine and more based on the data, all while maintaining an audit trail.

Very important for compliance. Partners include ServiceNow, Palo Alto Networks, Microsoft, of course, Google, AWS and more, and more and more. And with BigID's advanced AI models, you can reduce risk, accelerate time to insight. Oh, there's a new metric for me. I love it: time to insight, TTI. And gain visibility and control over all your data. Now let me give you an idea of the kinds of people who use BigID.

Who do you think would have an awful lot of data in an awful lot of places, in a variety of formats, some legacy formats, who would need to know where all their data is in such a situation? How about, oh I don't know, the U.S. Army, right? They use BigID to illuminate all that dark data, to accelerate cloud migration, minimize redundancy and to automate data retention.

I have this quote. It's from the U.S. Army Training and Doctrine Command. It's mind-boggling. This is the quote: "The first wow moment with BigID came with just being able to have that single interface that inventories a variety of data holdings, including structured and unstructured data across emails, zip files, SharePoint, databases and more." I mean, parenthetically, let's say you can imagine the different kinds of formats the Army has collected over the last couple of decades. He goes on to say, "To see that mass and be able to correlate across those, it's completely novel. I've never seen a capability that brings this together like BigID does." That's a pretty good endorsement.

CNBC recognized BigID as one of the top twenty five startups for the enterprise. Named to the Inc. 5000 and the Deloitte 500 two years in a row. They're the leading modern data security vendor in the market today. You need to know this name, BigID. The publisher of Cyber Defense Magazine said, quote, "BigID embodies three major features we judges look for to become winners: understanding tomorrow's threats today, providing a cost-effective solution, of course, and innovating in unexpected ways that can help mitigate cyber risk and get one step ahead of the next breach."

It all starts with knowing where your data is. By the way, also really important if you're looking at AI, because if you think about it, you want to train, but you want to train on the stuff. You know, the Army probably has a lot of stuff they don't want to train AI on because it's sensitive or secret.

So it's really important to understand what your data is, where it is, in all sorts of places. That's what BigID can do. Start protecting your sensitive data wherever your data lives at bigid.com/securitynow. Get a free demo, see how BigID can help your organization reduce data risk and accelerate the adoption of generative AI. We're going to be talking about that later today. BigID, B-I-G-I-D, bigid.com/securitynow.

Now, they do have, talking about AI, they have so many great reports on their website at bigid.com/securitynow, but they do have a free report, this is brand new, that gives you some really useful insights on key trends in AI adoption, challenges, including those challenges of what to train on, what not to train on, and the overall impact of generative AI across organizations. They know, and they have a great paper on this.

So read it at bigid.com/securitynow. You need BigID. Thank them so much for supporting the work Steve does here, and you support us too when you go to that address, so they know that you saw it on Security Now: bigid.com/securitynow. Steve, I'm ready with the picture of the week. Is it a good one this week?

This is a good one. And I've had some feedback from our listeners already, who really liked it. I was again on the ball, and just a reminder to our listeners that we had just shy of thirteen thousand people now subscribed to the Security Now mailing list. Twelve thousand nine hundred and seventy nine. I looked.

And the Club TWiT members we have. So I think there's maybe a correlation there.

I think there may be. And that was the count when the mailing went out around 3 p.m. yesterday. So just to say that twenty four hours ahead of time, anybody who was subscribed to the list got this stuff. So, okay, anyway. The point was that many people wrote back saying, wow, that's terrific. So what we have is a residential staircase going up, you know, as they do, along one wall with a handrail and then a banister on the outside, you know, so that the stairs are not open. Now this family has a couple of toddlers and, uh, looks like maybe sister's a little older than brother.

He's in diapers still and looks like maybe he's two. He might be maybe two and a half or three, I don't know. But across the bottom of the stairs is a screen, so that mom and dad have said, kids are not going upstairs. They stay downstairs.

The child gate, I think it's a brand new one. It looks like it, because it's still got the sales tag on it.

You're right. And I noticed also that behind it are a couple of stacks of stuff too.

Well, now, I gave this picture the caption, "The bottom of the staircase may have been blocked, but these future hackers are not deterred," because the stairs protrude out from the banister supports, and both of the kids have walked up the outside of the stairs, like seeing whether there's a way they can get in there, because they're going to find a way. And it looks like maybe, if I'm right, the oldest sibling looks like she's sort of trying to squeeze herself in, because she sort of ran out of runway there.

So yeah, so there we are. We hope the analogy is not that they're behind bars, because, you know, the banister does look a little bit like that too. But you know, these guys, they're determined to find a way past mom and dad's blockade of the stairs. So boy, you, your access, your hackers.

Okay. So some recent reporting by ProPublica raised some interesting questions, and I got a kick out of this. I'm sure that our listeners will too. So ProPublica, and I'll be interrupting a few times here with my own comments, says that in the summer of twenty twenty one, and we covered this at the time, President Joe Biden summoned the CEOs of the nation's biggest tech companies to the White House. A series of cyber attacks linked to Russia, China and Iran had left the government reeling.

And of course, some of that was Microsoft's fault, right? And the administration had asked the heads of Microsoft, Amazon, Apple, Google and others to offer concrete commitments to help the U.S. bolster its defenses. Biden told the executives gathered in the East Room, quote, "You have the power, the capacity and the responsibility, I believe," he said, "to raise the bar on cybersecurity," unquote. Now, they said, Microsoft had more to prove than most.

Its own security lapses had contributed to some of the incursions that had prompted the summit in the first place, such as the SolarWinds attack, in which Russian state-sponsored hackers stole sensitive data from federal agencies, including the National Nuclear Security Administration. Following the discovery of that breach, some members of Congress said the company should provide better cybersecurity for its customers. Others went even further. Senator Ron Wyden, who chairs the Senate Finance Committee, called on the government to, quote, "reevaluate its dependence on Microsoft" before awarding it any more contracts. Now, as we're going to see shortly, what happened is not exactly what Ron was looking for. This was not the kind of reevaluation that Ron had in mind. ProPublica said:

In response to the president's call for help, Microsoft's CEO, Satya Nadella, pledged to give the government one hundred and fifty million dollars in technical services to help upgrade its digital security. Well, isn't that nice? On the surface, they wrote, it seemed a political win for the Biden administration and an instance of routine damage control from the world's largest software company. But the result of ProPublica's subsequent investigation suggests that Microsoft's seemingly straightforward commitment to provide a bunch of free technical services belied a more complex, profit-driven agenda.

As time has since revealed, Microsoft's apparent generosity was a calculated business maneuver designed to bring in billions of dollars in ongoing revenue, lock competitors out of lucrative government contracts and even further tighten the company's grip on federal business. And as I am reading this, I thought, you know, if I didn't know better, I would think Gates was still around, since this turned out to be a recognizably classic Bill move. So they wrote, the White House offer, as it was known inside Microsoft, would dispatch Microsoft consultants across the federal government to install Microsoft cybersecurity products, which, as part of the offer, were provided free of charge for a limited time.

That's right. What a bargain. What's wrong with this picture? Okay. So they said, well, how about once the consultants installed the upgrades, federal customers would be effectively locked in, because shifting to a competitor after the free trial would be cumbersome and costly, according to former Microsoft employees involved in the effort, most of whom spoke on the condition of anonymity because they feared professional repercussions.

At that point, the customer would have little choice but to pay for the higher subscription fees. In fact, two former sales leaders involved in the effort likened it to a drug dealer hooking a user with free samples. Quote, "If we give you the crack and you take the crack, you'll enjoy the crack," one said. "And when it comes time for us to take the crack away, your end users will say, 'Don't take it away from me,' and you'll be forced to pay."

Former salespeople said that Microsoft wanted more than those subscription fees. The White House offer would lead customers to buy other Microsoft products that ran on Azure, the company's, of course, their cloud platform. This carried additional charges based on how much storage space and computing power the customer used. These former salespeople said that the expectation was that the upgrades would ultimately "spin the meter," quoting them, "spin the meter" for Azure, helping Microsoft take market share from its main cloud rival, Amazon Web Services. In the years after Nadella made his commitment to Biden, Microsoft's goals became reality. The Department of Defense, which had resisted the upgrades for years due to their steep cost, began paying for them once the free trial ended, laying the groundwork for future Azure consumption. So did many other civilian agencies.

Former Microsoft salesperson Karan Sondhi, who acknowledged the deal, said that, quote, "The White House offer got the government hooked on Azure, and it was successful beyond what any of us could have imagined," unquote. While Microsoft's gambit paid off handsomely for the company, legal experts told ProPublica the White House offer should have never come to pass, as they sidestep or even possibly violate federal laws that regulate government procurement. Such laws generally bar gifts from contractors and require open competition for federal business. Eve Lyon, an attorney who worked for four decades as a procurement specialist in the federal government, said that accepting free product upgrades and consulting services collectively worth hundreds of millions of dollars is "not like a free sample at Costco, where I can take a sample, say, thanks for the snack and go on my merry way. Here, you have changed the IT culture, and it would cost a lot of money to switch to another system," unquote. Microsoft, for its part, defended, of course, its conduct.

Steve Faehl, that's F-A-E-H-L.

Good.

Yeah, I thought I should spell it. F-A-E-H-L. Faehl, the security leader for Microsoft's federal business, said in a statement, quote, "The company's sole goal during this period was to support an urgent request by the administration to enhance the security posture of federal agencies who are continuously being targeted by sophisticated nation-state threat actors. There was no guarantee that agencies would purchase these licenses, and they were free to engage with other vendors to support their future security needs," unquote. Pricing for Microsoft's security suite was transparent, he said, and the company worked, quote, "closely with the administration to ensure any service and support agreements were pursued ethically and in full compliance with federal laws and regulations," end quote. Faehl said in the statement that Microsoft asked the White House to, quote, "review the deal for antitrust concerns and ensure everything was proper, and they did so."

I love the race done, azure. I just think the done azure, it's a nice ad.

There's only one little problem with this. Of course, as we know, it really is surprisingly difficult to switch vendors. And of course, it gets worse, for ProPublica found the White House summit ushered in a new form of concentrated reliance, as well as the kind of anticompetitive behavior the Biden administration has pledged to stamp out.

Former Microsoft salespeople told ProPublica that during their White House offer push, they advised federal departments to save, get this, to save money by dropping cybersecurity products they had purchased from competitors. Those products, they told them, were now redundant. Salespeople also fended off new competitors by explaining to federal customers that most of the cybersecurity tools they needed were included in the free upgrade bundle.

Today, as a result of the deals, vast swaths of the federal government, including all of the military services in the Defense Department, are more reliant than ever on a single company to meet their IT needs. ProPublica's investigation, supported by interviews with eight former Microsoft employees who were involved in the White House offer, reveals for the first time how this sweeping transformation came to be, a change that critics say leaves Washington vulnerable, the very opposite of what Biden had set out to achieve with the summit. Because of the monoculture, right? It's like, oh, everybody's using Microsoft. Unfortunately, we've seen Microsoft making some significant mistakes.

Well, wasn't this in kind of response to SolarWinds?

Yes, yes, this was three years ago, when it was like, oh my god, what are we going to do? And so Microsoft said, hey, how would you like some free stuff? Hundred fifty million, for free.

It was only free for the first year. I mean, it wasn't even free. It was a trial offer.

It was. I mean, so okay. So the ProPublica article, I've got a link in the show notes. It goes into much greater detail. That was just like a quarter of it, so I have a link to it, as I said, for anyone who wants more. But I'm sure that all of our listeners get the idea.

At one point, Microsoft was asked to provide this enhanced security support to the federal government at no charge indefinitely, which they flatly declined. But of course, it became a negotiation over, well, then how long will the services be free?

You know, of course, what adds even more salt to this wound is that for many years, the same federal and military agencies had been steadfastly refusing to go with Microsoft solutions due to their cost, but they could not say no to free. So this allowed Microsoft to get their solutions in the door, to remove any previous reasonably priced competitive solutions.

And then once the offer expired, the choice was either pay up or go without. And you know, it's at least mildly disgusting. And what's more, you know, this didn't just fall into Microsoft's lap, right?

Former insiders made it clear that this was their intention all along. From the beginning, Microsoft CEO Satya Nadella knew exactly what he was doing. Basically, it was a Trojan horse.

How hard is it, if you've upgraded your security to Microsoft G5 level, to go back? Like if they go, ah, we don't want to pay for this, we're going to go backwards. If Elon Musk is going to do anything, this is the kind of thing.

I mean, it takes holding your breath and pinching your nose. And I mean, it's an upheaval. And so anyone in IT understands that, but it's not their money they're spending. It's our money they're spending.

And so it's always less expensive to pay for the incremental cost of another, you know, another three months than it is to say, okay, we are on the wrong path. We're going to just, we're gonna dead-end this path, because it does then mean going out, getting competitive bids and literally having downtime while all of these change, because, you know, you have to remove all of this junk and put in new stuff.

So as if the whole motivation for doing this was, oh my god, we've got a big security problem. You could tear out the security fix you just installed to fix that, so that you can do something else. There's going to be a lot of pressure just to keep on and keep on.

Any old-timers who are listening, we all remember Gates. I mean, Bill was much, he's revered as some technical genius. I mean, he is a genius, but he was much more of a businessman

Yeah, he was.

than he was a coder, you know, and he says that now too. I mean, so, you know, we watched all of the early shenanigans that Microsoft got up to, you know, things like, oh, you can't remove our browser. We built it into Windows. No, it's part of the operating system. Until the EU said, take it out. Make it... Well, okay, you're not giving us any choice.

Same old.

But this just struck me as so Gatesian, and I was just like, oh boy. Yeah. So, okay. So Apple has Hide My Email. Mozilla offers their Firefox Relay, and you know, these are email services that create throwaway aliases for a user's primary account.

The recent news is that Google is reportedly working on adding something which they call Shielded Email to Gmail, you know, for their two billion Gmail users. So as with the other services, users will be able to quickly generate random-looking usernames for use, you know, filling out online forms and subscribing to things and so forth, which hide their real email addresses.

So those are just aliases. And then you'll have some means of managing the aliases so that, for example, if you started to get spammed on one, first of all, it would be interesting to know, you know, which email address is spamming you, and then you're just able to delete it and you'll get rid of it.

So I've noticed that a large percentage of the subscribers to GRC's mailing lists are Gmail domain users. So I imagine this will come as a welcome service. Unfortunately, I use Gmail as my trash can already, because I've got, you know, GRC.com email addresses.

So it's a little late for me. I don't think it will serve much purpose, you know, shielding what is already my throwaway account, but still, for people whose primary email is Gmail, I think this sounds like a good thing. And you know, better late than never. It certainly took them a while. On the other hand, can you imagine the infrastructure that Google must have in order to give two billion users email that works as well as Gmail does?

And they use their own server. They aren't using, you know, an open source, anything like that. So if you worry, you might be a simple plug in, but a big deal that's to move. Yeah, plus it's old.

Let's not forget, Gmail is not a brand new service by any means. Correct. It's one of the very first web services, correct?

In fact, I remember, do you remember a guy named Steve Bass, who ran the Pasadena IBM PC User Group? PIBMUG was the, if you try to pronounce it. Anyway, and I think he wrote for PC World also.

I do.

Yes. Neat guy. And he had early access to Gmail and so sent me an invite that allowed me to get, you know, a special email account at Gmail.

Which you're not telling, because otherwise it will be completely useless.

Believe me, it's next to that now anyway. It's just, you know...

I have laporte at Gmail, which was because I was also early.

Very nice.

And everybody has decided, apparently the spammers decided, that I'm French, and I get a lot of French spam, almost exclusively French. And also, because people, this happens to you, I'm sure it happens to our listeners, they don't really understand that you can't put a space in a Gmail address.

So a lot of people named François Laporte and Abigail Laporte, they type a space in there and it all goes to laporte at Gmail. So I get all sorts of stuff like, your tickets are ready. I mean, just endless. Your reservations for tonight in Paris. I mean, it's tempting, but no.

Well, and you're right, the problem with being that big, like all those names in a single domain, is that if it is not like, you know, BZQRT79 or something, if it is leo

or fred, it's work like.

you know, goodbye.

There's a story about jim at a dot com. Poor Jim never really did get to use that. Do you want me to take a break, or do you want to continue?

I think now is a good time. We're half an hour in, and then we're going to talk about, it's definitely not love coming from Russia. So Russia, and we do get to talk about...

thank you, Steve. I show the brought to you by those great folks to delete me. I have some direct experience to delete me because we have been using IT for our a CEO for some time now.

If you've ever searched for your name online, I don't actually recommend that you do this. But if you've done that, you know how much of your personal information is right there in public. It's all data brokers.

They've been collecting this stuff for years. Every APP you use, it's not just tiktok, it's facebook, it's instagram. Every site you visit and they take all the information they coate IT.

They make basically a docia about you and you and your family, about everybody you know, maintaining privacy more than a personal concern is a family affair. That's why delete me has introduced family plans so you can have to lead me for everyone in the family. I think and I think they do have this corporate plans as well.

Think that's what we use because you really should have delete me for every manager in your company we ran. I've told the story before. Forgive me if you know you've heard IT before, but we round dead me because lisa, somehow bad guys figured out what her phone number was, what companies SHE worked for and who were her direct reports were and what their phone numbers were.

I wonder where they got bad information, right? And as a result, were able to do a spare fishing campaign reporting to be text from leases. Phone, the ceos phone.

Sing quick. I needs an amazon gift cards. I'm in a meeting, get them and send them to this address. Fortunately, employees are are smarter than that, but immediately told me, know, we got to do something to reduce the amount of information about our management online. And that's when we went to delete me.

Delete me helps reduce risk from identity theft, from cyber security threats like that, from a harassment, you know, from all of the things privacy violations can do. IT is not a nice thing. Delme's experts know where the data is.

They will find and remove your information from hundreds of data brokers. And by the way, if you get the family or the corporate plan, you can assign a data sheet for each member. It's tailor to them so that you can say, well, don't lead the instagram information.

But to lead the face of that kind of thing, easy use controls. So as an account manager, you can manage privacy settings for the whole family. But this is important.

Once you've removed that data, you don't just then walk away, 'cause you could do that yourself. First of all, you'd need to know the hundreds of data brokers out there. But then you need to know as new ones come online, and they do every single day, it's a very profitable business. You need to know to go back, and that's what DeleteMe

does. They continue to scan and remove your information regularly, from the existing data brokers and from all the new ones that pop up all the time. And I'm talking addresses, photos, emails, relatives, phone numbers, social media, property value, everything. It's all online. Data brokers have it all. Until we get a comprehensive privacy law in this country protecting you, you've gotta protect yourself and your family and your business.

Reclaim your privacy by going to joindeleteme.com/twit. The offer code TWIT gets twenty percent off, which is a great deal. joindeleteme.com/twit, and use the offer code TWIT for twenty percent off. And if you want, go to joindeleteme.com/twit and look at all the offerings. They have a very granular set of offerings that can really do the things you need to do to protect yourself online.

So I very much recommend looking at all that. It's really an amazing company. joindeleteme.com/twit. Thank you, DeleteMe. By the way, after the National Public Data broker breach, Steve, we searched for my name, right there, my Social, everything. Not Lisa's, not Lisa's.

And I thought, that's pretty telling. I think that DeleteMe really worked. joindeleteme.com/twit. Thank you, DeleteMe. Steve.

So, Russian officials...

I'm sorry, recently.

No, we're going to get there. Have recently announced via Telegram, which I thought was interesting, only, yeah, Telegram, that they plan to expand Russia's ban on foreign web hosting providers who are hosting content that discredits "the glorious Russian army," their words. So Akamai and CDN77 may soon find themselves added to the banned list for being naughty.

Overall, Russia appears to feel that the internet is at best a mixed blessing. It's unclear to me how it's possible to even function within today's globalized economy without it. I think they're nuts. But Russia...

I'm getting ready. I'm getting ready for the ahead.

Great. Russia seems poised to at least explore getting along without the internet, to which end Russia's illustrious internet watchdog, none other than Roskomnadzor, has announced its plan to conduct another test next month of Russia's big internet disconnect switch. When pulled, it does what it says: it severs all ties between Russia and the rest of the global internet.

And they did it once before, didn't they?

They did, and they've been working on this for years. They have to do things like figure out what to do with DNS queries that resolve to IP addresses that are no longer available. I mean, they just don't want everything to hang and crash and, like, sit there, you know, with the hourglass spinning.

So it turns out that disconnecting from the internet is not an easy thing to do. And of course, as I was, uh, thinking about this, uh, I thought, what about Starlink? Because, you know, it's no longer the case that useful internet connectivity requires, you know, landlines and fiber-optic trunks and all of that. Starlink

is banned in Russia, that would be my guess, or doesn't offer it. Let me see. It's available in Ukraine, of course.

And you're right, Russia is sanctioned.

Right. So, what I thought. Yeah, so that just works in their favor.

Doesn't it? That's right. Easier to disconnect, easier to pull the switch. So anyway, they're now gonna do another test in December. And again, you know, it's like, is there some big long-term plan here, or is it just that they're, like, worried they're going to be attacked?

I don't know. Um, you know, we would know if our country was doing the same thing, because it would have an effect. I mean, pulling the switch on global connectivity will have an effect. So, really interesting. You know, I'll have to see what they've got planned.

But while on the topic of Russian antics, get a load of this. One of the zero-days, it was CVE-2024-43451, that Microsoft patched this past week, you know, in Patch Tuesday last week, was used in a Russian hack of Ukrainian organizations earlier this year, according to the security firm ClearSky.

The zero-day was part of an exploit chain that exposed NT LAN Man, you know, NT LAN Manager credential hashes, also known as NTLM credential hashes, when victims interacted with .url files that were received in phishing emails. But here's the part that really caught my attention. ClearSky said that right-clicking, deleting or moving the file established a connection with the attacker's server, exposing authentication data.

The report suggests that the campaign also used social engineering to convince victims to run executables. Okay, but hold on. Right-clicking on a file to display its context menu and examine its properties, deleting it, or dragging it to another directory was all that was needed to cause the victim's machine to establish a remote connection to a malicious server. What? So I went over to ClearSky to see what was up, and I've got a link in the show notes for anyone who wants to see it. The ClearSky research team posted the write-up last Wednesday, writing, a new zero-day vulnerability, CVE... by the way, it was posted Wednesday because the patches were pushed on Tuesday, the day before, you know, closing this down. They said, a new zero-day vulnerability, 43451...

ClearSky security and...

Invalid response.

I don't know if it's blocked or... "can't provide a secure connection." So this might be my browser. Sometimes this happens.

Interesting. Maybe, maybe 'cause of the explicit HTTPS. And because...

I think the Ubiquiti blocks certain things. Okay.

Yeah.

So I was just clicking the link you had. Yeah, ah, yeah.

Let me try clicking it here.

Yeah, I'm sure it's fine. It's just me. Yeah, I also have that from, so...

Just came back up for

me. Yeah, so I've noticed there are certain places I can't go, and I think it's the security. I do use security on the Ubiquiti. Okay.

So they, um, so they wrote: a new zero-day vulnerability, CVE-2024-43451, was discovered by ClearSky Cyber Security in June of this year, 2024. This vulnerability affects Windows systems and is being actively exploited in attacks against Ukrainian entities. The vulnerability activates URL files containing malicious code through seemingly innocuous actions. Then they have three bullet points.

First, a single right-click on the file in all Windows systems will do this. Deleting the file in Windows 10 or 11 will do this. Dragging the file to another folder in Windows 10 or 11, and some Windows 7, 8 and 8.1. They wrote, the malicious URL files were... and I should note that a URL file is just text, so it's kind of pushing it to call it malicious. But okay, it's just a link. It just looks like an INI file. So they wrote, the malicious URL files were disguised as academic certificates and were initially observed being distributed from a compromised official Ukrainian government website.

What actually happened was that the Russians compromised an email server in Ukraine and then used the email server's credentials to send, you know, DKIM, SPF, you know, DMARC-approved email to others in Ukraine. So the email that was coming in looked like it was verifiably authentic from the compromised server. But in fact, unfortunately, it was phishing email.

So they said, the attack begins with a phishing email sent from a compromised Ukrainian government server. The email prompts the recipient to renew their academic certificate. The email contains a malicious URL file. When the user interacts with the URL file by right-clicking, deleting or moving it, the vulnerability is triggered.

So I'll just say, this is, like, uh, this is the first time I've seen that, like, you know, dragging a file and dropping it in the trash, or right-clicking to learn more about it, that's all it takes under Windows 10 and 11, um, well, right-clicking in all versions of Windows, in order for this thing to happen. And I've got more detail. So they said, when the user interacts with the URL file by right-clicking, deleting or moving it, the vulnerability is triggered. This action establishes a connection with the attacker's server and downloads further malicious files, including SparkRAT malware.

SparkRAT is an open source remote access trojan that allows the attacker to gain control of the victim's system. The attackers also employed techniques to maintain persistence on the infected system, ensuring their access even after a reboot. Okay, so the culprit here is a .url file, which is a Windows internet URL shortcut.

It's a text file, and anyone who's ever looked at, like, the original .INI, uh, you know, config files back in the early days of Windows will recognize the format here. It's got sections that are surrounded by square brackets, and then just simple name=value pairs, all in text. The key is that the file contains a URL= line where the scheme of the URL is file://, followed by the IP of the malicious remote server.

In Windows, the file:// scheme is handled by SMB, which is, of course, Server Message Blocks, which underlies Windows' original file and printer sharing, which, as we know, was never up to snuff security-wise. So that's where NTLM credential hashes come in, because Windows has always been extremely generous handing out, like, the IDs of its users by sending their credential hashes around, long before it was realized that that's not a good idea to be sending somebody's hashed credentials, because there's all kinds of mischief you can get up to with them, including just a replay of the credential hash in order to impersonate them, which is exactly what this thing does.

So apparently, upon even extremely innocuous contact with these files in Windows, and, you know, it's worse in more recent Windows 10 and 11, Windows Explorer will, without any prompting, reach out to the file server that's indicated in the shortcut, even without its recipient executing the shortcut. The researchers wrote, when examining the URL

file, ClearSky's team exposed a new vulnerability. Right-clicking the file establishes a connection to an external server. In addition, execution in a sandbox raised an alert about an attempt to pass the NTLM hash through the SMB protocol. After receiving the NTLM hash, an attacker can carry out a pass-the-hash attack to identify as the user associated with the captured hash without needing the corresponding password. In other words, the credential hash that NTLM's SMB protocol sends out to identify its Windows user can simply be captured and subsequently used to impersonate the user as if they were logged in. The researchers wrote,

further investigation yielded that in Windows 10 and 11 operating systems, the action of dragging the file from one folder to another or deleting the file caused the file to communicate with the target server and only then be deleted or moved. Under Windows 7, 8 and 8.1, the file did not initiate communication when dragged or deleted unless the target folder was open at the time of dragging. They said this did not happen on the first attempt, but was observed only after two to three attempts. That is, they concluded, the newly detected vulnerability is somewhat more exploitable on Windows 10 and 11 operating systems.

So I'm sure that it must be a bit unnerving to those old pros among our listeners here to learn that the actions that any of us might take to dispose of something we may have inadvertently received could themselves lead directly to a compromise of our machine. That's new. So Microsoft reportedly patched and closed this flaw in last Tuesday's

patch updates. So that's good. But it should serve to remind us that those of us using Windows are using an extremely complex operating system that is still dragging a ton of legacy code forward.

That code, that NTLM SMB file and printer sharing code, was written, and its protocols were designed, long before the world had an appreciation for just how secure our future systems would need to be. What came to mind as I was thinking about this,

the classic example of this, was the original design of the Windows Metafile format. Windows draws on the screen through a series of drawing primitives, invoking a circle or a rectangle or a line function with parameters and so forth. A Windows Metafile, you know, WMF, is just the capture of those drawing primitives.

It's essentially a script. Then later, when that metafile is opened, those primitives are replayed onto a new blank canvas to recreate the original drawing. So the metafile contents are interpreted.

But the designers of the original metafile format thought, what if we want to do something more, you know, something more than just replaying something that was previously recorded? Why can't the file contain some code that's executed? And remember, this was Windows 3.0. So among all of the interpreted tokens, they specified a meta escape code, which is what it was called, that would cause the system to essentially escape from interpreting GDI, Graphics Device Interface, uh, tokens and execute the code contained within the Windows Metafile, starting at the bytes immediately following the special escape code.

And so it sat there in the metafile specification for years, until much later. Oh, and it was copied, like, from 95 to 98 to, um, what was the last 16-bit version? It was ME, Windows ME. Um, and then it made the jump to Windows NT and so on.

So later, years later, in the era of NT and networking and internet, uh, connectivity, it was suddenly rediscovered and labeled as a horrible exploitable flaw. At the time, when I calmly stated that it was obviously there all along by design, many people misunderstood me. They thought I was saying that Microsoft had deliberately planted a backdoor in Windows. It was, you know, it was originally deliberate, but it was never malicious.

It was convenient.

It, yes. It was, yes. It was a reasonable thing to do back when we could trust every image our machines might try to render.

But let's just say it didn't age well, and neither did Microsoft's original NT LAN Manager and their SMB protocol. You know, they have not aged well either, and they were also designed back before we really understood security. So this, you know, this wasn't, uh, deliberate on Microsoft's part, and we do.

And what was really interesting was that a week or two ago we were just talking about how Microsoft has decided not to keep patching NTLM problems, yet the 0patch guys are. So there's another reason why 0patch is worth looking at. Oh, and I should mention I got a bunch of feedback from our listeners who said, you know, Steve, you should mention that there is a free tier also.

So it's not necessary to subscribe to 0patch in order to get some of the benefits of it. So I just want to mention that, along with all the others, and thank you, everybody who wrote to say, um, you know, there's a freebie available. So there is a free tier for 0patch. Okay.

So, uh, not a lot happened this week, and we've covered it all. So I'm going to spend some time with some feedback from our amazing listeners. Um, I believe he would pronounce his name Ayiko, A-Y-I-K-O. I'm sorry, um, if that's wrong, but I'll say Ayiko Fred, uh, is in Uganda, and he said, Hey Steve and Leo, this is Ayiko Fred from Uganda. I've been listening to Security Now since 2021, starting around the 800s.

And then, you know, episode numbers. He said, I occasionally miss a few episodes when things get busy, sometimes up to a month, but I'm thoroughly enjoying the show, exclamation point. He said, I do not have a formal background in computer science, but I developed an interest in programming in 2020 and learned some Erlang and Elixir, he said, my first and only languages, which I'm now using at work. He said, it made me realize I had only a blurry understanding of many key concepts. I'd never thought to go back to the earlier episodes from 2005, but a few episodes ago, a listener recommended going back to the earlier episodes.

So I decided to give this a try, and wow, exclamation point. He said, the way you explain topics like how the internet works, cryptography and VPNs really clicked for me. He said, I was blown away by how much easier it was to understand these concepts through your explanations.

Now I feel like I've been programming by superstition all along. He said, each episode has left me wanting more, and I've even re-listened to some episodes three to four times, especially those on cryptography and internet fundamentals. I'm now on episode 58, and I'd encourage anyone with a shaky grasp on these topics to check out the earlier episodes. They won't regret it.

So I wanted to share that just as a reminder to listeners about that. But he finishes saying, one episode made me think, this is exactly what I need. He said, that was episode 41, TrueCrypt.

He said, unfortunately, I learned that TrueCrypt development was discontinued in 2014. Do you have any recommendations for alternative tools with similar features to TrueCrypt that are compatible with Linux?

I'd love something with the same level of privacy and security. Thank you again for all your work. I really appreciate you. Looking forward to episode 1000. Best regards.

So, um, I mentioned this bit of feedback last week, that I wanted to share it this week, because I know that this podcast has been discovered by many people years after we recorded those early fundamental technology podcasts. We've heard from others who, after discovering this podcast, had the idea of going back to start from scratch and catch up, and those people have invariably found that it was worth their time. So, frankly, part of me is tempted to just stop and recreate some of that work from the early days so that they're put back into everyone's feeds. But that doesn't make any sense, because they're already there.

Every podcast we've ever recorded remains available to everyone, and reproducing content we've already created would displace our new content, for which we often barely have enough time as it is. So from time to time, I'll take a moment, as I have here, to remind our listeners that back in the early days, we laid down many of the fundamentals of the way everything we're talking about today works. And it was done in a way that many people have found to be extremely accessible.

Also, another thing we often hear is that while our listeners enjoy the content today, they feel that there's much they don't understand. You know, they say, like, well, I understand maybe twenty percent of what you're talking about. We just mentioned that a week or two ago. It is true that I consciously build upon the foundation that we have laid down before. Using what's come before is the only way it's possible for us to move forward. So to those who feel that they've been tossed into the deep end of the pool by showing up here late, let me note that all of that knowledge that's missing and assumed was once covered in detail back in the earlier days of this podcast. Really, I mean, all of the stuff we do, that I talk about and sort of zip over when we're talking about something new, that's all been discussed in detail in the past, and it's all there, waiting and free for the asking, for anyone who wants it.

At some point, I'd love to make a playlist of foundational episodes that people should listen to. Yeah. But just for Ayiko Fred, there is a replacement for TrueCrypt. Steve talks about it in an episode, ty two, you'll get there, VeraCrypt. He talks about it in many other episodes.

And so it is, and I have a link to VeraCrypt in the show notes. Uh, V-E-R-A-C-R-Y-P-T dot F-R, veracrypt.fr. I went over and took a look.

And yeah, I mean, it was updated a month or two ago. So it is being kept current, and it is platform agnostic. It'll work beautifully for Linux and encrypt your drive just like TrueCrypt once would have. Yes. See, we've covered it all.

We've covered it

all over the years. Really, we have. Well, Leo, how many thousands of hours? It's real, several at least. Um, okay, Scott Gottfried wrote to share his powerful solution for accessing his network from home. But Leo, let's take a break, and then we're going to find out what Scott is using in order to get roaming access. And it's not something we've ever talked about. Oh, how fun, something new. Yeah, like

Hamachi, or, we've talked about a lot of different ways, we have, to do something like that. Yeah, you

know, Hamachi still exists, really.

But yeah, LogMeIn, LogMeIn bought 'em.

Yeah, and so it's a commercial service, but it's still there.

And it was a great idea, using, what? 5 dot, right? Yeah. Well, I can't wait to hear what else there is out there. But first, a word from our fine sponsor, a name you know, I know you know: 1Password. You may be thinking, well, yeah, I know, they do a really good password manager. Well, this is a new product from 1Password that takes the password manager to the next step. It's called Extended Access Management.

And let me ask you a question, if you're in IT or run a business: do your employees, your end users, always work on company-owned devices using IT-approved apps? Of course, they're the best, right? No, they don't.

They bring their phone in, their laptop, they're watching their Plex server from home. So how do you keep your company's data safe when it's sitting on all those unmanaged apps and all those unmanaged devices?

1Password's answer to that question: Extended Access Management. 1Password Extended Access Management helps you secure every sign-in for every app on every device, because it solves the problems traditional IAM, password management and MDM cannot touch.

Imagine your company's security like the quad of a college campus, you know, the nice brick paths leading through the green sward between the ivy-covered buildings. Those are the company-owned apps, IT-approved apps, company-owned devices, the managed employee identities. All nice. It's all peaceful.

But then, as on any college campus, there are the paths people actually use, the shortcuts worn through that beautiful green grass, that are actually the straight line from building A to building B, you know, you don't want to go roundabout to get to Physics 101. You know about straight lines, right? Those are the unmanaged devices, the shadow IT apps, the non-employee identities, like contractors.

If you've got employees, it's inevitable they're going to do their own thing. Problem is, most security tools only work on those happy little brick paths. A lot of the security problems take place on the shortcuts.

That's why you need 1Password Extended Access Management. It's the first security solution that brings all these unmanaged devices, apps and identities under your control and ensures that every user credential is strong and protected. Every device is known and healthy.

Every app is visible. It's security for the way we really work today, and it's now generally available to companies that use Okta or Microsoft Entra. It's also in beta for Google Workspace customers.

So good news. You can check it out right now at 1password.com/securitynow. This is really an exciting new offering from 1Password. 1-P-A-S-S-W-O-R-D, right?

1password.com/securitynow. We thank them so much for supporting Steve's important work here at Security Now. We thank you for supporting it by going to that site, so they know you saw it here. 1password.com/securitynow. Okay.

And we go on. Uh, Scott leaves to the end that everything he describes is all a free service provided by Cloudflare, um, which is really

interesting. I used... they have a lot of free

services. Yeah, so I wanted to mention that up front, that it's free, so that while I'm sharing what Scott wrote, everyone who might have a similar need will be taking this seriously and thinking, oh, this is interesting. So Scott said, Hi, Steve.

Congrats on 1000. I've listened for all twenty years, every episode. Thank you, and Leo. He said, I've heard several questions from your listeners about how to access their home network while traveling: VPN, overlay network. I had the same question.

My primary requirement for accessing my home network was that I did not want to open any ports on my router. He said, I researched solutions for several months until I happened upon a blog post at Cloudflare. The solution for me is the Cloudflare Tunnel, and that's www.cloudflare.com/products/tunnel, T-U-N-N-E-L.

And he said, I run an old Intel NUC from inside my network that creates an outgoing tunnel to Cloudflare. The Cloudflare dashboard lets me add my own domains, has a firewall, provides authentication and allows me to configure routing for my four internal home subnets. He said, it's awesome.

I run two separate photo sharing apps for the family. The apps run in Docker containers on the NUC, which has Linux and CasaOS, but the tunnel could run on a NAS or ZimaBoard. When traveling, I use the Cloudflare WARP app on my laptop and connect to my home network.

I can end R D, P to my windows neck. I can access my ubiquity camps, and I can access my true nothing on the home network is exposed to the internet IT all happens through the tunnel. The family access is my shared photo apps jelliffe in and pie go using a web browser pointed to my custom domain.

I add authorized family member email addresses to the Cloudflare dashboard. When a family member tries to log on to one of the apps, they just enter their email address and they are sent a PIN for access. All of that is handled by Cloudflare. It's a little bit of propeller-beanie kind of stuff, but one could just start with a tunnel to access the home network without sharing apps and dealing with authentication.

Oh, he says, I forgot to mention, all of the stuff I use at Cloudflare is free. All caps, exclamation point. He said, I hope this might help anyone searching for this type of solution. Best, Scott. So thank you, Scott, for sharing that. It was news to me, so I went over to take a look.

Um, Cloudflare's Tunnel page says: protect your web servers from direct attack. From the moment an application is deployed, developers and IT spend time locking it down, configuring ACLs, you know, access control lists, rotating IP addresses, and using clunky solutions like GRE tunnels. There is a simpler and more secure way to protect your applications and web servers from direct attacks.

Cloudflare Tunnel. Ensure your server is safe no matter where it's running: public cloud, private cloud, Kubernetes cluster, or even a Mac mini under your TV. So from Scott's description, it sounds like an extremely powerful and capable solution for simple, safe, remote, uh, connections to an internal network. It may be more than many of our listeners need, but I wanted to put it on everyone's radar, you know, because it really does sound like a power user's tool. You know, being able to set up authentication, um, have registered email addresses where someone is able to receive a PIN, provide that back, and then automatically get access through the tunnel back to the network.

You know, there's a lot there. It does a lot. Um, but anyway, it looks like a potentially very energy solution. At the same time, I got a note from Jeff Price, who also happened to write, thanks for the emails. They're very helpful, he said.

Meaning, you know, the weekly Security Now, you know, preview of the podcast. He said, I have a medium-sized network at home with a Synology NAS, dozens of IoT devices, et cetera. I've been using Tailscale for all remote connections. This means no open ports or port forwarding.

I also set up a system inside my home as an exit node, which means even when I am traveling, I can encrypt all of my traffic back to my home and then exit from there. In other words, anything he's doing while he's traveling believes he's still at home, which can be useful for, you know, access to streaming services and so forth that have specific geographic boundaries. He said, Tailscale has worked great, and it is much faster than OpenVPN.

So just another, you know, reminder that the overlay network solution is almost drop-in easy to use, and there are Tailscale and ZeroTier. And, uh, there's also Nebula and Netmaker. There are clients for all of the various OSes, uh, that we're using, and even for the various NASes.

So, now, while it is far less flexible and capable, it's also sort of more of a homegrown solution than Cloudflare's Tunnel. Uh, so, you know, your mileage may vary. Pick the solution that seems best for you. Adam B has an intriguing problem. He said, Hi Steve, I'm a longtime listener to the show.

I'm not sure how long, but I definitely remember when you used to alternate episodes between topics and news, and he means news and feedback. He says, I'm a proud SpinRite owner, and thanks to you and Leo getting me interested in HackerOne, a few hundred dollars better off, having found a couple of local privilege escalation vulnerabilities during some poking around on my weekends. That's very cool. So he is a little bit of a, you know, white hat hacker helping people. He says, I have a question that I have not been able to find an answer to online, and I thought it might interest you and my fellow listeners.

I'm a hobbyist malware analyst. Clearly, from the experience he shared, yeah. He said, and as part of that, I often run the samples in a network that's isolated from the internet, just to see what happens. Sometimes the samples will try to communicate with a command and control server. Often the hard-coded C2 server is a fully qualified domain name, but sometimes it's a public IP address. It can often, he said,

it can often be useful to pretend to be the command and control server just to see what the sample sends. When the C2 server is a fully qualified domain name, it's easy enough to use my own DNS server in the isolated network to answer the DNS request with an A record IP address of my choosing. Meaning that, right, so the malware says, uh, I need the IP address of badguys.ru, and because he's created an isolated network, he's got his own DNS server. So the machine running the malware generates a DNS query to badguys.ru, and the DNS responds with, you know, 192.168.0.20 or something, which is a machine on that network.

So that's where the malware attempts to connect to, which is his own server, so he can see what's going on. He said, however, when the C2 server is a public IP address, this becomes more troublesome. I think I have two choices, he wrote. He said, one, patch the sample to change the IP address to one on the LAN.

Or two, somehow get my LAN to answer the ARP request with a MAC address of my choosing. He said, the problem with choice number one is that this isn't practical at scale. Meaning, you know, patching the malware in order to have it point to something local. And I agree. And he said, as you know, sometimes I like to run ten, twenty or fifty versions of the same malware family. He said, I don't want to have to manually patch fifty different samples.

It also seems like the less satisfactory choice. The problem with choice two is that I simply can't figure out how to do it. How can I configure my network so that if a sample makes a request for a public IP address, in other words, one that isn't in the /24 of my LAN, the request is handled by my C2 server?

The best answer I could find online was concerned with ARP poisoning, but this seems very unreliable and likely to cause an unstable network. It feels like the answer will be something to do with the default gateway, but I can't figure that out. I hope that makes sense.

I would really appreciate your thoughts on the subject. A big thank you to you, Leo and the whole team. Kind regards, Adam. Okay. What Adam wants to do can definitely be done in a highly robust fashion. It would be possible to manually add static routes to the routing table of the machine that is hosting the malware.

This would cause the traffic bound for that target IP to override the normal non-local default route, which would send the traffic out to the network's gateway interface, and instead to another local network interface. But doing that is tricky and messy. The more straightforward solution, and it's really slick, would be to obtain a router that has some extra hardware interfaces.

That little Netgate SG-1100, which I'm using here, has an AUX network connection. You know, it's got WAN and LAN and AUX, as in auxiliary, and it's not a simple switch using the same network as the LAN. It's a separate network interface, and that can be given its own LAN.

Or, for example, one of those Protectli, P-R-O-T-E-C-T-L-I, Protectli Vault devices. Uh, I'm using one of those at my other location. Uh, those are nice also. And Amazon has those for sale, or you can get them directly from Protectli. The idea is to have an extra physical network interface. You would use the router software, such as pfSense or OPNsense, to define another small LAN network for that extra interface.

And instead of using one of the normal private networks like 192.168.something.something, or 10.something.something, you would create a network that includes the target IP of the command and control server. You then attach a machine, this C2, your command and control spoof server, attach a machine to that interface, and manually assign it the IP of the command and control server that the malware is looking for. Now, whenever the malware in the host machine addresses internet traffic to that remote public IP, your local router's routing table will see that the IP matches within that extra network and will send the traffic to it rather than out onto the public internet. So you wind up with a very straightforward, robust and easily adjusted and maintained solution. And .

yes.

Dale Myers, okay, has a problem. I've forgotten how many breaks we've taken.

I thought there was something going on. We have one more so you .

could put that anywhere you want, only, only one. And then will you back. And before we get into what is AGI, yeah, ah, thank you. Dale Myers has a problem no one should ever face. He said, hi Steve.

I never thought when I started listening at 0001 that there would ever be a thousand and still counting Security Now podcasts, he said. I started at the beginning, right after Fred Langa suggested your podcast might be worthwhile. He was right. At the time, I was a volunteer in the IT department of a parochial school.

The things I learned from Security Now led to important improvements in our system over the years. In those days, there were not so many listeners, and you took time to answer two of my questions submitted in the feedback dialog box at the bottom of the Security Now page. Now I have a new question that raises, that relates to using a password manager.

He said, I've been doing a bit of traveling by air lately, and the last time I was in my travel agent's office, I decided to use some of the accumulated points. She said she could not access my account without my password. There was a place for it on her screen, but I could not figure out how to get the password from there, or to there, from my password manager.

Any thoughts? Signed, Dale Myers. Okay. So my first thought was, huh? That's a really good question.

How would you do that securely? And then I thought, I wonder why this isn't a problem we've heard about before. And then the question answered itself.

Since no one should ever have this problem, no one should ever be asked to give their password to someone else, like a travel agent, so that she could access their account. So no, it's not a bigger problem because it should never be required of anyone, ever. The whole thing, you know, seems like a fundamentally bad idea, but that doesn't help Dale, who apparently does have this problem.

Even if everyone agrees he should never have this problem in the first place. Given that Dale has been listening since episode one, we know that his travel account is currently protected by a ridiculously gnarly, long, random and impossible to manually enter or even communicate password. So my advice would be not to even try. Briefly change your password to something ridiculously simple to type, which meets the travel system's password policies, but otherwise minimal in every way. You know, it's only going to be that way for a few minutes, so its security doesn't really matter.

Once the travel points have been transferred, the account password can either be restored to what it was before or set to something new. Now, a workable alternative would be to just send the account's initial gnarly password via email or a text to the travel agent, let her log in, do whatever she needs, then change the account's password to something new and super secure once the points have been moved. Now, having said that, I did get a piece of feedback from a listener about an incredibly cool looking device.

I've got it on the way to me because I wanted to understand it and be able to talk about it. It is a little dongle, which has a USB port, and it is a Bluetooth keyboard dongle. Meaning that what Dale could do if he had this, or if any of our listeners had this problem, Dale could have this with him, give it to the travel agent and have her plug it into her computer, you know, just any USB port.

Now, very much like the original YubiKey, this thing looks like a USB keyboard. So then there are Android and iOS and other apps for this thing. So Dale would be able to send his password through this app and it would type it into the password field on the travel agent's computer, which is kind of a cool hack. Anyway, uh, I'll know more about it. I'll have all the details in next week's podcast. For anybody who wants to jump ahead, it was not cheap, it's thirty-seven dollars, and has been shipped from Poland, as I recall .

but still kind of .

a cool thing. Um, Chris C asked: a while back you said something about a large company that was fined for not keeping Teams or Slack chats as required by federal law.

Do you remember who this was and what the law was? So I replied to Chris, I vaguely recall that in passing, but I have no specific recollection. And I said, GRC's onsite search in the upper right of every page can be used to search only the podcast transcripts, which are fully indexed, so you might be able to track down the reference that way. So that was my reply to Chris.

I wanted to share this because I use GRC's search from time to time myself, in the same way, when I'm looking for something from our own past. You've heard me casually mention that we talked about something, you know, whatever it was, you know, back during podcast number whatever, I don't, you know. So I just don't want anyone to imagine for a second that I recalled that podcast, like Chris here.

I did recall that it was something that was mentioned, but not what or when. Since I get these sorts of questions often, like what Chris asked, I just wanted to pass on to everyone: both the show notes and Elaine's precise transcripts are fully indexed, and that index can be easily searched using GRC's search box.

And I checked a little bit later; Chris had replied. He responded, thank you, exclamation point, I didn't know that was there. He said, I found it in SN number 959. He said, Google did not help me, but the search engine on your site, powered by the same company, did. So again.

We do have, you know, essentially podcast-specific search, which will allow anyone to find something that they think they recall that we talked about before, but can't remember exactly where or when. Uh, you're free to keep asking me, but, you know, I'll just do the same thing you could do, which is to use the little search box in the upper right of every page at GRC. And Leo, we are ready to talk about artificial general intelligence, whatever that is.

Well, at least maybe know what it is even if we don't know when. About half an hour from now. But let's take our last break and then we'll pour into that.

I'm excited. I'm really excited. I'm ready to take notes. Our show today brought to you by those great folks at DeleteMe.

I have some direct experience with DeleteMe because we have been using it for our CEO for some time now. If you've ever searched for your name online, I don't actually recommend that you do this. But if you've done that, you know how much of your personal information is right there in public. It's all data brokers.

They've been collecting this stuff for years. Every app you use, it's not just TikTok, it's Facebook, it's Instagram. Every site you visit. And they take all the information, they collate it, and they make basically a dossier about you and your family, about everybody you know. Maintaining privacy is more than a personal concern; it's a family affair.

That's why DeleteMe has introduced family plans, so you can have DeleteMe for everyone in the family. And I think they do have corporate plans as well. I think that's what we use, because you really should have DeleteMe for every manager in your company. We ran, I've told the story before.

Forgive me if you've heard it before, but we ran DeleteMe because Lisa, somehow bad guys figured out what her phone number was, what company she worked for, and who her direct reports were and what their phone numbers were. I wonder where they got that information, right? And as a result, they were able to do a spear phishing campaign purporting to be texts from Lisa's phone, the CEO's phone: quick.

I need some Amazon gift cards. I'm in a meeting, get them and send them to this address. Fortunately our employees are smarter than that. But he immediately told me, you know, we've got to do something to reduce the amount of information about our management online. And that's when we went to DeleteMe.

DeleteMe helps reduce risk from identity theft, from cybersecurity threats like that, from harassment, you know, from all of the things privacy violations can do. It is not a nice thing. DeleteMe.

Experts know where the data is. They will find and remove your information from hundreds of data brokers. And by the way, if you get the family or the corporate plan, you can assign a data sheet for each member.

It's tailored to them so that you can say, well, don't delete the Instagram information, but do delete the Facebook, that kind of thing. Easy to use controls. So as an account manager, you can manage privacy settings for the whole family.

But this is important. Once you've removed that data, you know, just then walk away, because you could do that yourself. First, well, you'd need to know the hundreds of data brokers out there. But then you need to know as new ones come online, and they do every single day. It's a very profitable business.

You need to know to go back, and that's what DeleteMe does. They continue to scan and remove your information regularly, not only from the existing data brokers, from all the new ones that pop up all the time. And I'm talking addresses, photos, emails, relatives, phone numbers, social media, property value, everything. It's all online. Data brokers have it all. Until we get a comprehensive privacy law in this country protecting you.

You've got to protect yourself and your family and your business. Reclaim your privacy by going to joindeleteme.com/twit. The offer code TWIT gets twenty percent off, which is a great deal.

joindeleteme.com/twit, and use the offer code TWIT for twenty percent off. And if you want, you go to joindeleteme.com/twit, look at all the offerings. They have a very, uh, granular set of offerings that can really do the things you need to do to protect yourself online.

So I very much recommend looking at all that. It's really an amazing company. joindeleteme.com/twit. Thank you, DeleteMe.

By the way, after the National Public Data broker breach, Steve, we searched for my name right there, my social ian, everything. Elis, not laces. And I thought, that's a pretty telling thing, that DeleteMe really worked. joindeleteme.com/twit.

Thank you, DeleteMe. All right. I've been dying.

And to hear this, Steve Gibson on AGI. Well, okay, PS. And surveying a bunch of people's feelings about AGI. I want to know what you think too.

though I think you'll probably give us some .

idea. Yeah, I do have some feelings. So, uh, okay. Um, I should note that I already have everything I need, thanks to today's ChatGPT 4o. And it has changed my life for the better. Um, I've been using it increasingly as a timesaver, sort of in the form of a programming language super search engine and even a syntax checker.

Um, I've used it sort of as a crutch when I need to quickly write some throwaway code in a language like PHP, where I do not have expertise, but I want to get something done quickly. I just, like, you know, solve a quick problem, uh, you know, parse a text file in a certain way into a different format, that sort of thing.

Um, in the past I would take, you know, if it was a somewhat bigger project than that, an hour putting queries into Google, following links to Programmers' Corner, Stack Overflow or other similar sites, and I would piece together the language construction that I needed from other similar bits of code that I would find online. Or, um, if I was unable to find anything useful, like, you know, to solve the problem, I would then dig deeper through the language's actual reference texts to find the usage and the syntax that I needed, and then build up from that, you know, because, you know, after you've programmed a bunch of languages, they're all sort of the same, largely. I mean, Lisp is a different animal entirely, as is APL.

But the procedural languages, it's just a matter of, like, okay, what do I use for inequality? What do I use for, you know, how exactly are the looping constructs built, that kind of thing. Um, that's no longer what I do, because I now have access to what I consider a super programming language search engine.

Now I ask the experimental coding version of ChatGPT for whatever it is I need. I don't ask it to provide the complete program, um, since that's really not what I want. You know, I love coding in any language because I love puzzles, and puzzles are language agnostic, but I do not equally know the details of every other language there. There's nothing ChatGPT can tell me about programming assembly language that I have not already known for decades.

But if I want to write a quick throwaway utility program, like in Visual Basic .NET, a language that I spend very little time with, because I like to write in assembly language, you know, but I need to, for example, quickly implement an associative array, as I did last week, rather than poking around the internet or scanning through the Visual Basic syntax to find what I'm looking for, I'll now just pose the question to ChatGPT.

I'll ask it very specifically and carefully for what I want. And in about two seconds, I'll get what I may have previously spent thirty to sixty minutes sussing out online. It has transformed my working path for that class of problem that I've traditionally had.

It's useful whenever I need some details where I do not have expertise, is, I think, the way I would put it. And I've seen plenty of criticism levied by other programmers of the code produced by today's AI. To me, it seems misplaced. That is, their criticism seems misplaced. And maybe just a bit nervous, and maybe they're also asking the wrong question.

I don't ask ChatGPT for a finished product because I know exactly what I want and I'm not even sure I could specify the finished product in words, or that that's what it's really good for. So I ask it just for specific bits and pieces. And I have to report that the results have been fantastic.

I mean, it is literally, it's the way I will now code languages I don't know, I think is probably the best way to put it. It is, no, it's interesting. The internet, and, you know, obviously we have to use the term knowing them very advisedly. It doesn't know them, but whatever it is, I am able to, like, ask it a question and I actually get, like, really good answers to tight problem domain questions. Okay.

But what I want to explore today is what lies beyond what we have today, what the challenges are and what predictions are being made about how and when we may get more, whatever that more is. You know, the there where we want to get is generically known as artificial general intelligence, which is abbreviated AGI. Okay, so let's start by looking at how Wikipedia defines this goal.

Wikipedia says artificial general intelligence is a type of artificial intelligence that matches or surpasses human cognitive capabilities across a wide range of cognitive tasks. This contrasts with narrow AI, which is limited to specific tasks. Artificial superintelligence, ASI, on the other hand, refers to AGI that greatly exceeds human cognitive capabilities.

AGI is considered one of the definitions of strong AI. They say creating AGI is a primary goal of AI research and of companies such as OpenAI and Meta. A 2020 survey identified seventy-two active AGI research and development projects across thirty-seven countries.

The timeline for achieving AGI remains a subject of ongoing debate among researchers and experts. As of 2023, some argue that it may be possible in years or decades. Others maintain it might take a century or longer, and a minority believe it may never be achieved. Notable AI researcher Geoffrey Hinton

has expressed concerns about the rapid progress toward AGI, suggesting that it could be achieved sooner than many expect. There's debate on the exact definition of AGI and regarding whether modern large language models, LLMs, such as GPT-4, are early forms of AGI. Contention exists over whether AGI represents an existential risk. Many experts on AI have stated that mitigating the risk of human extinction posed by AGI should be a global priority.

Others find the development of AGI to be too remote to present such a risk. AGI is also known as strong AI, full AI, human-level AI or general intelligent action. However, some academic sources reserve the term strong AI for computer programs that experience sentience or consciousness.

In contrast, weak AI or narrow AI is able to solve one specific problem, but lacks general cognitive abilities. Some academic sources use weak AI as the term to refer more broadly to any programs that neither experience consciousness nor have a mind in the same sense as humans. Related concepts include artificial superintelligence and transformative AI. An artificial superintelligence is a hypothetical type of AGI that is much more generally intelligent than humans, while the notion of transformative AI relates to AI having a large impact on society, thus transforming it.

For example, similar to the agricultural or industrial revolutions. A framework for classifying AGI levels was proposed in 2023 with Google DeepMind researchers, or by Google DeepMind researchers. They define five levels of AGI: emerging, competent, expert, virtuoso and superhuman. They define, um, for example, a competent AGI is defined as an AGI that outperforms fifty percent of skilled adults in a wide range of non-physical tasks. And a superhuman AGI, in other words, an artificial superintelligence, is similarly defined, but with a threshold of one hundred percent. They consider large language models like ChatGPT or Llama to be instances of the first level, emerging AGI. Okay, so we're getting some useful language and terminology for talking about these things.

The article that caught my eye last week as we were celebrating the thousandth episode of this podcast was posted on Perplexity AI, titled Altman Predicts AGI by 2025. The Perplexity piece turned out not to have much meat, but it did offer the kernel of some interesting thoughts and some additional terminology and talking points. So I still want to share it. Perplexity wrote: OpenAI CEO Sam Altman has stirred the tech community with his prediction that artificial general intelligence, AGI, could be realized by 2025, a timeline that contrasts sharply with many experts who foresee AGI's arrival much later. Despite skepticism, Altman asserts that OpenAI is on track to achieve this ambitious goal, emphasizing ongoing achievements and substantial funding, while also suggesting that the initial societal impact of AGI might be minimal.

In a Y Combinator interview, Altman expressed excitement about the potential developments in AGI for the coming year. However, he also made a surprising claim that the advent of AGI would have surprisingly little impact on society, at least initially. This statement has sparked debate among AI experts and enthusiasts, given the potentially transformative nature of AGI. And Altman's optimistic timeline stands in stark contrast to many other experts in the field, who typically project AGI development to occur much later, around 2050.

Despite the skepticism, Altman maintains that OpenAI is actively pursuing this ambitious goal, even suggesting that it might be possible to achieve AGI with current hardware. This confidence, coupled with OpenAI's recent 6.6 billion funding round and its market valuation exceeding 157 billion dollars, underscores the company's commitment to pushing the boundaries of AI technology. Achieving artificial general intelligence faces several significant technical challenges that extend beyond current AI capabilities.

So here we have four bullet points that outline what AGI needs that there's no sign of today. First, common sense reasoning. AGI systems must develop intuitive understanding of the world, including implicit knowledge and unspoken rules, to navigate complex social situations and make everyday judgments.

Number two, context awareness. AGI needs to dynamically adjust behavior and interpretations based on situational factors, environment and prior experiences. Third, handling uncertainty.

AGI must interpret incomplete or ambiguous data, draw inferences from limited information, and make sound decisions in the face of the unknown. And fourth, continual learning. Developing AGI systems that can update their knowledge and capabilities over time without losing previously acquired skills remains a significant challenge.

So one thing that occurred to me as I read those four points, reasoning, contextual awareness, uncertainty and learning, is that none of the AIs I've ever interacted with has ever asked for any clarification about what I am asking. That's not something that appears to be wired into the current generation of AI. I'm sure it could be simulated, you know, if it would further raise the stock price of the company doing it.

But it wouldn't really matter, right? Because it would be a faked question, like that very old Eliza pseudo-therapist program from the seventies. You know, you would type into it.

I'm feeling sort of cranky today. And it would reply, why do you think you're feeling sort of cranky today? You know, it wasn't really asking a question. It was just programmed to seem like it.

Was, you know, understanding what we were typing in. The point I hope to make is that there's a hollowness to today's AI. You know, it's truly an amazing search engine technology, but it doesn't seem to be much more than that to me. There's no presence or understanding behind its answers.

The Perplexity article continues, saying overcoming these hurdles requires advancements in areas such as neural network architectures, reinforcement learning and transfer learning. Additionally, AGI development demands substantial computational resources and interdisciplinary collaboration among experts in computer science, neuroscience and cognitive psychology.

While some AI leaders like Sam Altman predict AGI by 2025, many experts remain skeptical of such an accelerated timeline. A 2022 survey of three hundred and fifty-two AI experts found that the median estimate for AGI development was around 2060, also known as Security Now episode 2,860. Um, ninety percent of the three hundred and fifty-two experts surveyed expect to see AGI within one hundred years. Ninety percent expect it.

So not to take longer than one hundred years, but the median is by 2060. So no, not next year, as Sam suggests. They wrote: this more conservative outlook stems from several key challenges. First, the missing ingredient problem.

Some researchers argue that current AI systems, while impressive, lack fundamental components necessary for general intelligence. Statistical learning alone may not be sufficient to achieve AGI. Again, the missing ingredient problem.

I think that sounds exactly right. Also, training limitations: creating virtual environments complex enough to train an AGI system to navigate the real world, including human deception, presents significant hurdles. And third, scaling challenges. Despite advancements in large language models, some reports suggest diminishing returns in improvement rates between generations.

These factors contribute to a more cautious view among many AI researchers who believe AGI development will likely take decades rather than years to achieve. OpenAI has recently achieved significant milestones in both technological advancement and financial growth. The company successfully closed, and here they're saying again, a massive 6.6 billion funding round, valuing it at 157 billion dollars.

But, you know, who cares? That's just, you know, Sam as a good salesman. They said this round attracted investments from major players like Microsoft, NVIDIA and SoftBank, highlighting the tech industry's confidence in OpenAI's potential.

The company's flagship product, ChatGPT, has seen exponential growth, now boasting over two hundred and fifty million weekly active users, and you can count me among them. OpenAI has also made substantial inroads into the corporate sector, with ninety-two percent of Fortune 500 companies reportedly using its technologies. Despite these successes, OpenAI faces challenges including high operational costs and the need for extensive computing power.

The company is projected to incur losses of about five billion dollars this year, primarily due to the expenses associated with training and operating its large language models. So when I was thinking about this idea of, you know, we're just going to throw all this money at it and it's going to solve the problem, and oh, look, you know, the solution is going to be next year, the analogy that hit me was curing cancer, because there sort of is an example of, you know, oh look, we just had a breakthrough and this is going to, you know, cure cancer. It's like, no, we don't really understand enough yet about human biology to say that we're going to do that.

And I know that the current administration has been in all these cancer moonshots, and it's like, okay, if you actually talk to any biologists about this, or you just think that you can pour money on it and it's going to do the job. So that's not always the case. So to me, this notion of the missing ingredient is the most salient of all of this. It's like what we may have today has become very good at doing what it does.

But it may not be extendable. It may never be what we need for AGI. But I think that what I've shared so far gives a bit of calibration about where we are and what the goals of AGI are. Um, I found a piece also in InformationWeek where the author did a bunch of interviewing and quoting of people that I want to share just to finish this topic.

It was titled Artificial General Intelligence in 2025: Good Luck With That. And it had the teaser: AI experts have said it would likely be 2050 before AGI hits the market. OpenAI CEO Sam Altman says 2025, but it's a very difficult problem to solve. So they wrote: a few years ago, AI experts were predicting that artificial general intelligence would become a reality by 2050.

OpenAI has been pushing the art of the possible along with big tech, but despite Sam Altman's estimate of 2025, realizing AGI is unlikely soon. HP Newquist, author of The Brain Makers and executive director of The Relayer Group, a consulting firm that tracks the development of practical AI, said: we can't presume that we're close to AGI because we really don't understand current AI, which is a far cry from the dreamed-of AGI. We don't know how current AIs arrive at their conclusions, nor can current AIs even explain to us the processes by which that happens.

That's a huge gap that needs to be closed before we can start creating an AI that can do what every human can do. And a hallmark of human thinking, which AGI will attempt to replicate, is being able to explain the rationale for coming up with a solution to a problem or an answer to a question.

We're still trying to keep existing large language models from hallucinating, unquote. And I'll just interrupt to say that I think this is the crucial point. Um, I know earlier I described ChatGPT as being a really amazingly powerful internet search engine. Partly that's because that's what I've been using it to replicate, um, for my own needs.

As I said, it's been a miraculous replacement for a bunch of searching I would otherwise need to do myself. My point is this entire current large language model approach may never be more than that. This could be a dead end, you know. If so, it's a super useful dead end.

But it might not be the road to AGI at all. It might never amount to be more than a super spiffy search engine. The InformationWeek article continues.

OpenAI is currently alpha testing advanced voice mode, which is designed to sound human, such as pausing occasionally when one speaks to draw breath. It can also detect emotion and nonverbal cues. This advancement will help AI seem more human-like, which is important, but there's more work to do. And frankly, that's where we begin to get into the category of party tricks, in my opinion.

Like, you know, making it seem like more than it is, but it still isn't. Edward Tian, CEO of ZeroGPT, which detects generative AI use in text, also believes the realization of AGI will take time. In an email interview with the article's author, Edward said, quote, the idea behind artificial general intelligence is creating the most human-like AI possible, a type of AI that can teach itself and essentially operate in an autonomous manner. So one of the most obvious challenges is creating AI in a way that allows the developers to be able to take their hands off eventually, as the goal is for it to operate on its own. Technology, no matter how advanced, cannot be human.

So the challenge is trying to develop it to be as human as possible. That also leads to ethical dilemmas regarding oversight. There are certainly a lot of people out there who are concerned about AI having too much autonomy and control.

And those concerns are valid. How do the developers make AGI while also being able to limit its abilities when necessary? Because of all these questions and our limited capabilities and regulations at the present, I do not believe that twenty twenty five is realistic. Current AI, which is artificial narrow intelligence, ANI, performs a specific task well, but it cannot generalize that knowledge to suit a different use case.

Max Lee, the CEO of the decentralized AI data provider and an adjunct associate professor in the department of electrical engineering at Columbia University, said, quote, given how long it took to build current AI models, which suffer from incessant, I'm sorry, from inconsistent outputs, flawed data sources and unexplainable biases, it would likely make sense to perfect what already exists, rather than start working on even more complex models. In academia, for many, for many components of AGI, we do not even know why it works, nor why it does not work.

Unquote. To achieve AGI, a system needs to do more than just produce outputs and encourage, employ and engage in conversation, which means that LLMs alone won't be enough, Alex Jaimes, chief AI officer at the AI company Dataminr, said in an email interview. Quote, it should also be able to continuously learn, forget, make judgments that consider others, including the environment in which the judgments are made, and a lot more. From that perspective,

we're still very far. It's hard to imagine AGI that doesn't include social intelligence, and current AI systems don't have any social capabilities, such as understanding how their behavior impacts others, cultural and social norms. Unquote. Sergey Kastukevich, the deputy

CTO at the gambling software company SOFTSWISS, said, quote, to get to AGI, we need advanced learning algorithms that can generalize and learn autonomously, integrated systems that combine various AI disciplines, massive computational power, diverse data and a lot of interdisciplinary collaboration. For example, current AI models like those used in autonomous vehicles require enormous data sets and computational power just to handle driving in specific conditions, let alone achieve general intelligence.

Unquote. LLMs are based on complex transformer models. While they are incredibly powerful and even have some emergent intelligence, the transformer is pre-trained and does not learn in real time. For AGI, there will need to be some breakthrough with AI models.

They will need to be able to generalize about situations without having to be trained on a particular scenario. A system will also need to do this in real time, just like a human can when they intuitively understand something. In addition, AGI capabilities may need a new hardware architecture such as quantum computing, since GPUs will probably not be sufficient.

Note that Sam Altman has specifically disputed this and said that current hardware will be sufficient. In addition, the hardware architecture will need to be much more energy efficient and not require massive data centers. LLMs are beginning to do causal inference and will eventually be able to reason.

They'll also have better problem-solving and cognitive capabilities based on the ability to ingest data from multiple sources. So, okay, what's interesting is the degree of agreement that we see among separate experts. You know, they're probably all reading the same material, so there is some degree of, of convergence in their thinking.

But, you know, Altman is an outlier, um, and it seems to me as though these people know what they are talking about from the things they've said. Um, perhaps, you know, maybe Sam has already seen things in the lab at OpenAI that no one else in the outside world has seen, because that's what it would take for Sam to not be guilty of overhyping and over-promoting his company's near term, term, future. Now, I put a picture in the show notes. You had it on the screen

there a second ago, Leo. That is not a mockup, that is not a simulation. This is an actual image of a tiny piece of cerebral tissue. Those are neurons and axons and dendrites. They are the, the, the coloration was added, but that, but those, that is actual human brain tissue in that photo in the show notes.

Um, I'm especially intrigued by the comments from the top, the, the top academic AI researchers in the world who admitted to this day no one actually understands how large language models produce what they do. Given that, I'm skeptical that just more of the same will result in the sort of qualitative advancement that AGI would require, which is certainly not just more of the same. When I said in the past that I see no reason why a true artificial intellect could not eventually be created, I certainly did not mean next year. I meant some day. I meant that I believe that a biological brain may only be one way to create intelligence. One thing I've acquired during my research into the biology of the human brain is a deep appreciation for the astonishing complexity, I mean, astonishing, of the biological computing engine that is us. The number of individual computing neurons

in the human brain is ten to the eleven. Okay? So that's one hundred billion, one hundred billion individual neurons, a billion neurons, one hundred times over. So you consider that, a billion neurons a hundred times.

And not only are these individual neurons very richly interconnected, typically having connections to twenty thousand others, each individual neuron is all by itself, individually, astonishingly complex in its behavior and operation. They are far from being simple, integrative binary triggers like, you know, we learned in elementary school, and we have one hundred billion of these little buggers in our heads. So perhaps Sam is gonna surprise

the rest of the world next year. We'll see. Color me skeptical but not disappointed. As I said, I'm quite happy to have discovered the wonderful language-accessible internet digest that ChatGPT is. You know, that's more than a simple parlor trick.

It's a big deal and it's, I think, kind of magic. But I suspect that all it is is what it is. And for me, that's enough. For now, I'd wager that we have a long ways to wait before we get more.

What, how, how would you know if something is an AGI? That's one of the things that's bothered me. The Turing test is not real. There's a Chinese room test .

that .

maybe a little better. I think there's really no way to judge it.

No, no. I mean, it, it would. Well, another perfect example is chess. Once upon a time, you could have easily said, well, humans are, they, like, you know, humans can play chess.

No machine can play chess, right? Right? I mean that, that was something people were saying for a long time, right? Now we just know, we, the, the computers have blown past us. So, um, and, and for me, and, and I know that you have also used a constrained domain large language models.

What would you have trained by dumping all of a bunch of Lisp textbooks into it and then be able to ask questions? You know, this is a fantastic technology that we have, right? But I think it is, it's very much in the same way that, like, the solution we have for cancer is by, by, by using, uh, chemotherapy to limit growth of our whole body, because cancer cells are, are a problem because they're able to reproduce at such a high rate.

I mean, it's, it's like, like we don't, we have not even begun to, to, to start an actual cure. Uh, we, we just have sort of mitigation that is able to, to push people in, into remission. So my feeling is that I agree with the experts who suggest that the, what we may see today is, we should regard as nothing more than what it is. And there's no reason to believe that, that we're gonna get some sort of transformation just by getting more of the same.

Yeah. I also think that looking for an AGI is maybe not really the sensible end goal, that machines could be as useful as an AGI or as powerful as an AGI without actually being a general intelligence. I don't know if that's a reasonable thing that would be measuring. Well.

It is certainly the case that if you, if we had something where people could, could describe casually exactly how, uh, how they wanted a computer program to operate and actually, like, I got a functioning, error-, bug-free, yes, thing, that would be transformative for the world of coding, right? And I would not be surprised, yes, I would not be surprised if we don't have something like that before long.

I asked my, one of my favorite AIs, Perplexity AI, which is a search, internet search engine. You should give it a try and set how you seem to think or seem to like using AI. So I asked, is there a test for AGI? Imagine the Turing test, some other tests, but then imagine some casual tests, like the coffee test.

An AI enters an average American home and figures out how to make coffee. You know what? If, if, if a robot could do that, it may not be AGI, but boy, that's, that's impressive. Or could go to college.

Enrolls in a university, obtains a degree, passing the same classes as humans. I think we might be close to that. The IKEA test: an AI controls a robot to assemble flat-pack furniture correctly after viewing parts and instructions. Many humans can't do that.

So that would .

be an interesting test as well. I just, I think that, that those are obviously kind of silly, but that points out there is no kind of accepted definition for what AGI is. And there are many different ways, just as with humans, there are many ways to be intelligent.

I think there are many ways for a machine to be usefully intelligent. If the machine could come in my house and make coffee without any advanced knowledge about that, except kind of maybe a basic, basic idea of what coffee is and how to make it, I'd be impressed. I think that would be useful. May not be AGI, but would be pretty cool anyway. Yeah, there was a happy .

live when we were growing up. There was a game called Nim.

Yeah.

of them, and there was a way to, to set up, um, a, um, a computer using matchboxes and matchsticks where, where you would, you, you basically, this thing was like an, a very early combinatorial computer, and, and by, by iterating on this you would, you were training it to make the right decisions over time about how many sticks to take away when a certain number of matchsticks remained. And I mean that this is the kind of what fascinated me when I was a kid. I was, was climbing stairs on the outside of the banister. I was.

But see, that's combinatorial math. And you can easily see how it'd be simple to program something. I have a kind of a famous book, a Lisp book, as it turns out, by Peter Norvig called Paradigms of Artificial Intelligence Programming.

And it talks about the some of the earth is is an early book, I think, thirty or forty years old now it's in public of a in settle. But he talks about some of the early attempts to do what he called GPS, a general problem-solving machine. And it's basically that, it's a combinatorial thing.

You'll try this and then this and then this, and if that doesn't work, right, backtrack and try this and this. And you can see how you could solve chess that way given a fast enough machine, or even Go, which is a lot more difficult to play, yeah, than chess, or protein folding. A lot of things that does those are useful tools. Maybe not intelligent, but we don't even know what human intelligence is, so I don't .

know how we, yeah, and, and I think you're right when you mention protein folding, and there are many people who are expecting with like that, that what we have now or could have in a year or two could make, dramatically change healthcare by, by, like, you know, looking at mass amounts of data and, and pulling associations and relationships out of that, that we don't see, right? Because it just has a scope that, that we don't have.

And that's really more a, a question. And that has something to do more with capacity, the amount of data you can store, which is so much faster than a human mind, the amount of speed with which you can process it, again, faster than a human. But that doesn't make it intelligent, that makes it faster and bigger.

And bigger in some ways. I think it is a fascinating subject. I, as you probably feel the same way, as, as science fiction fans, I think we both would love to see AGI in our lifetime. Just be fun to talk to an alien intelligence that we created.

It would certainly be the case that, that creating a conversation would be a next step if, if you actually got a sense of, you know, there being something there. I just, I know I get no sense that it is anything other than, you know, and it's clearly, you know, it refers to itself in the first person. You know, it's like, let me know if there's any more I can do for you, and so they're like, you know, they gave it a bunch of sugar coating that is designed to make us think like, no, like we're talking to, to an entity that's not an entity.

Even the word hallucination really is an inappropriate anthropomorphization of what's really going on, yeah.

calling a mistake.

a mistake.

a mistake.

It's an error. Steve, as always, fascinating show, great information, lots of food for thought. We just got an email from a prisoner who listens to the show, but is not he allowed to listen to the podcast in the, in the library, but he can't read the show notes because he doesn't have access to the internet, and he said, could you print out the show notes and mail them to me? And I think we will. I think that, that, I think they should allow that. Talk about rehabilitation.

Start listening to this show. By the time you get to episode one thousand two, you're gonna be pretty smart about this computer stuff. You'll have a career when you get out. Thank you.

Well, you might. Well, I'm glad you listen to the show, and I hope you keep listening. A special thanks to our Club TWiT members who make this possible with their seven dollars a month. That's all

it is, at the lowest price of any podcast network, for all the shows we do, for all the content we do, for access to the ad-free versions of the shows, specials we put on, like our photo specials or coffee specials, coding. There's all sorts of stuff going on, crafting, in the club. I think that's a pretty good deal for seven bucks.

And it really makes a difference to our bottom line. If you have not yet joined, please go to twit.tv/clubtwit. Two weeks free. You can see what it's like. And if you refer somebody, you'll get a link when you sign up.

If you use that link, put it on your social and refer somebody, you'll get a three months for everybody who joins, which means you, you could possibly, if you have enough friends, never pay for Club TWiT at all. twit.tv/clubtwit. Spread the word. And for our existing members, we thank you so much. We do this show every Tuesday right after MacBreak Weekly, then ends up being about one thirty to pm Pacific, let's say five pm twenty, twenty two hundred UTC. I mention when we do it because we stream it. Again, thanks to the club members, we're able to stream this live on eight. I have to put up the fingers .

because I can.

I lose track. Eight different platforms. There's the Club TWiT Discord.

There's TikTok, there's X.com, Twitch, YouTube, LinkedIn, Kick. And I left out some. Facebook. Did I get LinkedIn, one of them? Lots of places.

You know, if you go to twit.tv/live, you'll see a list of all of them. Watch live if you want. But I highly encourage you to get a copy of the show.

Now, you get it from Steve if you want. We certainly encourage you to do that. GRC.com. He has a couple of unique versions on his website.

the sixteen kilobit .

bit audio version, which is also scratchy. But it's small. It's small, small but scratchy. I know people like that.

He also has the sixty-four kilobit audio, less scratchy, sounds a lot better. But yeah, it's five times bigger, four times bigger. He also has the transcripts, which are great.

We mentioned those earlier. Elaine Farris does those, who does a wonderful job. They're great for searching, or I think people like to read along. In fact, somebody had a tip. I saw that.

Listen at double speed and then read along with it. You'll understand it all completely, but you'll get it done in half the time. Is that not a clever idea?

Try it to having subtitles. Exactly. It's subtitles for the show.

And really good ones, right? Not computer generated. GRC.com. Here they are. Take a look at SpinRite. Six point

one is the current version of the world's best mass storage maintenance, performance-enhancing and recovery utility. You have mass storage, you need SpinRite.

Get a copy.

Right now. It's Steven's bread and butter, not. But soon something else is coming along.

I will be paying for that pro version of the DNS Benchmark. That would be, I can't wait to see that. I keep that when and all the time. Lots of stuff there for free, including wheels up.

GRC.com, yeah.

Somebody was saying, if his email said, Steve would just publish his email, I would send it them. Do not send me email for Steve. Send it to Steve.

Here's how: go to grc.com/email and enter your email address. Excuse me. Optionally sign up for the newsletters, but, but that's optional. You don't have to. But he will then validate your email address and .

we just send an email to securitynow at GRC dot com.

You just send it. It's amazing, that's new actually, and it's a really good solid solution to, to Steve's email problems. So again, grc.com/email. We have the show on our website, twit.tv/sn.

When you're there, you'll see a link to the YouTube channel. Great way to share little clips. Please do that.

People don't listen to Security Now shit. Send them some useful stuff, say you're missing a great show. Um, you should be listening.

That helps us a lot. So GRC, I'm sorry, twit.tv/sn. There's a YouTube link there and there's also, of course, best way to listen.

Subscribe in your favorite podcast player. You'll get it automatically. There's audio and video and, you know, then you don't have to ever worry about it.

You'll have a Security Now in your inbox suitable for listening at any time. Still have a great week up about a third of the way through Peter F. Hamilton on acidic .

if dragon a little bit. I, I'm at three quarters and it's like, okay.

I was afraid of that. Yeah, so far I have to say, third .

of the way and it's dripping well is so inventive. It is definitely that. Um, so which you think when you get to seventy five percent I am talk it's like, okay, it's a lot of work. You really get what that in your science fiction, no.

You've got to what they call the slog. Yeah, the slog is never fun. We got the slog with .

that one with the alcohol and and then that other were last. Whatever that I don't. I remember all the kids on that planet, they were running around and know what happened is okay, Peter.

It's hard to write a thousand-page novel and keep it going all time.

Yeah. Well, what we still love.

We do. Thank you, Mr. Gibson. Have a great week. We'll see you next week.

No, but. Security Now.