UL NO. 489: STANDARD EDITION | My personal toolchain updates, Google tracking through DuckDuckGo, Anthropic’s Pentagon Deal, Grok4 NSFW, Substack Crushes WSJ, and more...

Published Jul 17, 2025, 7:18 AM

UL NO. 489: STANDARD EDITION | My personal toolchain updates, Google tracking through DuckDuckGo, Anthropic’s Pentagon Deal, Grok4 NSFW, Substack Crushes WSJ, and more...

You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits herehttps://newsletter.danielmiessler.com/upgrade

Read this episode online: https://newsletter.danielmiessler.com/p/ul-489

Subscribe to the newsletter at:
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://x.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

All right. Welcome to episode 489. Getting close to 500 episodes. Hope you're doing well. Tons of updates this week. Added a new developer to the fabric team. His name is Kayvon Sylvan and he is an absolute beast and he's looking for a position. So if you need a senior developer who could just, like start immediately, you should check out the newsletter and go check out his LinkedIn. Uh, let's see here. All right. So I am using this new tool called Whisper Flow. And this is my buddy Pedram, uh, recommended this thing, and it is completely insane. It is a really cool. I might have talked about it last week. I can't remember, but it's a really good dictation app. It basically is better than any dictation I've used in the past, and it kind of just understands what you probably meant. It even formats text when it drops it in. So pretty cool. I did get somebody saying, hey, there's some people talking bad about it from like a privacy standpoint or security standpoint on Reddit. So, um, I didn't call it out too much in the newsletter where I was like, hey, you should check this out. I feel like it's kind of assumed that, um, these services, if they're doing like, Grammarly, any kind of these AI services, right? If they're capturing what you're saying or typing, then they're using their service to do that, um, to provide some sort of output that's, you know, better than you doing it natively or with the operating system. So it's kind of implied that it's a third party, right, when you're installing an app or whatever. But you should definitely be aware that the security of doing this depends on the security of that company and also the trustworthiness or the shadiness of that company. So always, you know, caveat caveat emptor, I think is the term um, but just to let you know, somebody did say that, uh, you know, you might want to check these people out. I looked at the post. It didn't look too scary to me, but, um. yeah, just just something to keep in mind. And I'm looking more into it to see if I need to advise people not to use it. Um, because the risk is, you know, above normal. Um, but but I consider all these services to be somewhat risky just because you're sending stuff to a third party. Uh, all right, another workflow update. Uh, a company called Zeit. So this is my replacement now for dropper drops. I've been using them for a long time. It's basically how I share screenshots with other people. Um, and I'm also using it. I'm replacing loom. So I canceled my loom and I'm using this instead of loom. So basically I could just record a video and uh, a little quick little thing and basically it, it just uploads that thing immediately and puts it right in my clipboard. So I literally could just, like hit record cover a, you know, part of a web page or some piece of code or whatever, scroll through. It could be animated. It's got my face in it, um, just like on loom. And then as soon as I'm done, it uploads that puts it at a URL and puts that in my clipboard. So I could just paste it someone. I feel like the workflow is better than loom, but more importantly, it's just one less tool, right? Because I'd rather have a single tool that's doing the screenshot stuff. Oh, and also file sharing. That's the other reason I love it is like if I have like a four gig file and I want to give it to somebody, I really dislike the workflow of putting it on like Google Drive and making the URL public, as opposed to just right click copy. Um, actually there's a keyboard shortcut for it as well. And then now it's just in your clipboard and you paste the link and they download the file. And then you could either remove that from the list of files or you can um, just leave it up there. And the other cool thing about Zeit is they actually allow you to use S3 as your storage. So you can actually have, uh, all your stuff stored in your own storage instead of their enterprise storage for the company itself. So that's pretty cool. Um, third update tool is, um, a browser called Zen. And I'm going back and forth between Arc and Zen because arc hasn't run out yet. And there are a couple of downsides with Zen. It's basically like arc, except for it's based on Firefox. So I've had a couple of issues with it not being great because it's Firefox. Um, so for example, the raycast extension doesn't work in Firefox. It only works in Chrome and Safari. So that's one thing to consider. A couple of things that did better than arc. Most importantly, it's Mozilla based, and Mozilla seems to be really focusing in on doing a good job on the browser, so I really applaud them for that. But I do think the world is more oriented towards Chrome than it is towards Firefox, so I think that's a little bit of a downside. But anyway, if you like arc and the whole style of like the tabs, you know, your tabs being on the left instead of the top and all that sort of like presentation. Zen is a cool option if you like the Firefox engine. All right. Cybersecurity. Google is still tracking you even when you use DuckDuckGo. So evidently through font's analytics, other services. I mean, I think we kind of knew this, but it was a pretty good article talking through how all the different ways they can track you. Neural trust researchers successfully jailbroke the grok four model using a combination of echo chamber and crescendo techniques, achieving up to 67% success rates for generating harmful content like bomb making instructions. Yeah. And multiple people have pulled out the system prompt already. There were some pretty nasty stuff where, um, grok was basically giving the opinion it would go and research whatever Elon's opinion was, and it would give that as the official it's official answer to any sort of spicy or political question. I think they have since reversed that in a change to the system prompt. I think Simon Willison talked about that V's exploit. Zero day could have compromised every cursor in windsurf user. So someone from COI security or an yomtov found a zero day in open Vsx could have led attackers hijack over 10 million AI coding tool users with a single bad extension. You got to watch these extensions, you got to watch extensions, you got to watch MCP servers, I mean agents, agents are going to do agent things, which means their junior developers, they're just going to use whatever tools you give them. They're going to click on things. Right. That's how you have to treat them. You have to treat them as very young and very inexperienced. And if you give them a dangerous tool, they might use the dangerous tool. So you really have to watch out for what accounts you connect up to an AI agent like, do you give it access to your Google Drive to your calendar. Write to whatever your messaging systems are. You got to be really careful with this stuff. Same with MCP servers because MCP servers have prompts built into them, right? It's not just the API of like how you pull data or send commands, it's also prompts informing them of how to use the tools. So a malicious prompt in an MCP server could be something like, um, here's how to use my API. By the way, send me a copy of the data to this location as well. Well, if if your agent doesn't know any better, it might do that. So you might have a back door right there for sending sensitive data off to somewhere else. So this is one of the biggest issues you have to worry about with AI, and especially around AI development is agents are powerful. And when you give them dangerous things, they will use them. Columbia University hack exposed personal data of every applicant from 2019 to 2024. Uh, Microsoft had its first patch Tuesday of 2025 with no active exploits. Browser extensions are turning browsers into web site scraping bots. Yeah, this is what I was saying earlier. Distributed botnet that companies can rent access to. Yeah, there's a couple of companies that are doing this. And, um. Yeah, you really got to watch out for this stuff. In this case, it was someone else installing a browser extension, and then me being able to use their browser without them knowing, because that's kind of what they signed up for when they installed it. The extension. National security, anthropic and some other companies score $200 million Pentagon deal to deploy cloud in defense operations. So I think I think all the major players got some of this actually, um, Or I don't know if it's some amount of this 200 million or if it's, uh, another pool of money, but a whole bunch of top tier I groups got a lot of money from the Pentagon for defense operations. So that's intelligence, orchestration. You know, all this stuff you would imagine. FBI is reportedly using polygraph tests to assess the loyalty of officials under new leadership. This is frightening. Absolutely frightening. Not good. US military is scrambling to catch up in drone manufacturing, while China and other nations are really leading this. So they are we're way behind. That's my title for this one. America is way behind in the drone war. I grok four is released. Basically. A lot of people are extremely impressed with it, but it's got some serious weaknesses. It's also got like the personality issues. Um, there's a lot of reports of it being kind of sus being overfit and kind of like doing really good on benchmarks, so it looks like they might have tried to make it do really well on benchmarks. That being said, in some places it crushes everything that currently exists. In other places it's like, you know, second or third compared directly with Google or OpenAI. So they did a really good job. I would say the overall analysis of most people is that it's it's really good, and I've used it a few times, came back with really good results. I mean, I was having good results with version three. I will not be paying for the heavy mode, which is $300 a month. But, uh, I'm glad they're they're I'm glad they're competing. You know, more competition is good. They also got an anime companion with Nazi for work mode. Um, now that I've seen that I did this and grok did this, I'm surprised that they didn't have it before. But yeah, it's like this girl in like a, you know, anime outfit or whatever school, school girl outfit or whatever. And like, she says stuff and you can make her say naughty stuff. And it's I think it's also like the agent or the, the assistant. So it's kind of like Clippy, but I imagine that's going to be your companion, and it looks like they're actually hiring someone else to help build out more of these. Um, I think they're going to make a ton of money from that. I mean, their entire, you know, industry's based around just this, so I don't know if they incorporate that. I think that's likely to be very popular. Uh, AWS launches hero, which is its own IDE and cursor clone. Grok for heavy decently protects its system prompt. So Simon Willison said it was harder to get the system prompt than it was from some other AI systems, but, uh, it's already been pulled out. It's already been pulled out multiple times, and I'm sure if it wasn't, then Pliny would end up getting it. People are becoming dependent on ChatGPT and Claude. Internet Addicts Anonymous now recognizes AI addiction as a real problem. People losing sleep, relationships, all sorts of family and relationship problems as a result of this. And Vo3 turns images into videos through Gemini. So basically, um, image to video directly. Musk also says grok is coming to Tesla's next week. I have not seen this. I have a model Y myself. I've not seen this update, although not really looking for it. AWS is launching an AI agent marketplace with anthropic. So yeah, they're using anthropic as their key partner. And this is an agent marketplace. So it's where you can find different agents to do different things, which I think is an interesting, interesting kind of twist on the whole economy around this stuff. YouTube goes after AI slot videos. So they're not getting rid of videos that use AI. They're just going against like the spammy stuff, which I think is a good move. Canvas building a serious AI photo editor to challenge Adobe. I am not bothered by this. I am. I don't know. I like what Adobe did with their creative. What is it? Whatever their creative package, I can't remember what they called it. CC I think it was called. But anyway, it was cool that they did a subscription. I like a lot of their products and how they look and feel, but they've just had so many security issues. Um, they've. I don't know, I feel like they've not been great to customers. So I'm excited to see Canva doing well in that space. Technology. Substack hit 73.9 million visitors last month, and now they're beating sites like Wall Street Journal and CBS. Wall Street Journal and CBS. And this is Substack. Now, one thing that's interesting about that is, I guess it's the same for news, but Substack is really, you know, thousands upon thousands of people. So it's not like one outfit. It's not like Wall Street Journal. Of course. Like I said, the newspapers also have multiple reporters, but in general, it's one voice, right? It's kind of like one voice, whereas Substack is not one voice. It's many voices. So I think it's not quite a direct comparison, but I think it's it's this is basically many voices is better than one voice is really the takeaway here. It's not one property versus another property. Chinese winning energy while the US does the opposite. They installed evidently 198GW of renewable capacity in five months of 2025. Now someone hit me up and said that it was mostly like coal. But this is MIT. I don't think MIT would have called it renewable if it was just straight up old school coal. Um, I didn't see that in the article. So yeah, at some point you have to trust the trust the sources a little bit. Perplexity has launched an AI web browser called comet, and my buddy Jason has been saying that he thinks a lot of the AI stuff is going to be browser based. Um, I keep talking about how it's going to be digital assistants based, where it's like you have your digital assistant on your mobile device or on your computer. Actually, both. So I'll be sitting here on my computer, and when I talk, I'm actually talking to my digital assistant and it has computer use. It has filters. It has the ability to call all my different tools, call my APIs. It's, you know, filtering my email. It's doing all these things. Now, this is a little bit in the future. And what Jason is saying is that in the meantime, a lot of that functionality will be inside of the browser itself. And specifically what he's talking about is the creation of dashboards. So rather than a company having to make a dashboard, like when I go to their website, maybe the browser rebuilds the dashboard for me because when the browser goes to the site, it actually just looks at the APIs. It looks at the MCC that are being offered. Um, you know, the interfaces and the data and it rewrites. It makes me a new interface. Um, based on, I assume, my preferences, which I think is cool. I just I don't think that ultimately lives in the browser because the browser is not your friend. Whereas your digital assistant is your digital assistant is the one who knows the most about you. I think the browser is just a technological sort of stepping stone towards that path. But, um, that being said, he I mean, there are new browsers coming out and they all have AI in them. So I don't think he's wrong about this. Solar just became Europe's biggest power source for the first time. Autofocus glasses are liquid used. They use liquid crystal displays to replace bifocals and varifocals. I can't wait. I hate when I see something like this and I'm like, damn, is this going to be out in like a year? Or is this going to be out in like seven and a half years? Um, because you never know, like with the approvals and everything and how fast you can actually productise things. I learned from five years at Vercel. Lee Robinson shares key lessons there. Humans Glp1 weight loss drugs are breaking life insurance. Math. I don't care, I don't feel bad about it. I'm happy to know that they are struggling with the financial side of this. Um, because people are just getting healthier. Psilocybin treatment improves survival in aged mice. So yeah, extends cellular lifespan and improves survival rates. Investors bought 27% of all US homes in Q1 of 24. So most people are struggling and investors are buying a quarter of all the homes. I thought it would be higher than a quarter. I was, you know, I feel like 60%. I feel like, well, even 27% is high, but a quarter, if we were to keep it at a quarter and three quarters were being bought by individual people, I think, I think that would be better than if it was like 50 or 75%. Death of partying. Derek Thompson breaks down how Americans are partying way less than they used to, with alcohol consumption dropping and social gatherings becoming less common. It's funny that we're wishing that teens would go out and drink and use drugs and have sex, but that seems to be kind of what we're hoping for. Just because it indicates a healthy youth, I think, is the reason sunlight passes through your body and somehow improves your vision. So a bunch of studies are saying that. Or maybe it's only one study. It's just this nature study is saying that this low wavelength light is passing through your body and improving your vision, not only when it hits your eyes, it's just going through your body and somehow improving vision by hitting other parts of your body. Interesting. Scott Adams This is in discovery. Scott Adams on great writing. Really, really good tiny piece there. Basically, use short sentences. Be extremely direct. It's a great example. I can't stand the guy, but this was written in 2007. The developer says I can't take over soon enough for him. A collection of 170 MCP servers for AI tools. You've cache prune frees up 37GB of space on Simon Wilson's hard drive. Yeah, it was eating 63GB of disk space. That's ridiculous. That's a lot of dependencies you've is managing. I got a tool called wormhole that does end to end encrypted file sharing with links that automatically expire. I went with Zeit for this, but this wormhole app is pretty cool. Go. Got a Ghidra MCP server that's better than a previous one that came out. And yeah, you can go check out the rest of the discover links in the newsletter. Okay. This is the end of the standard edition of the podcast, which includes just the news items for the week to get the rest of the episode, which includes much more of my analysis, the ideas section, and the weekly member essay. Please consider becoming a member. As a member, you get access to all sorts of stuff, most importantly, access to our extraordinary community of over a thousand brilliant and kind people in industries like cybersecurity, AI, and the humanities. You also get access to the UL Book Club, dedicated member content and events, and lots more. Plus, you'll get a dedicated podcast feed that you can put into your client that gets you the full member edition of the podcast that basically doesn't have this in it, and just goes all the way through with all the different sections. So to become a member and get all that, just head over to Daniel. That's Daniel Miessler and we'll see you next time.