UL NO. 463 | Launching 2025, US Soldier Data Leak, AI Agents Emerge, China's Global Spy Network, Robotaxis Now Safer Than Humans

Hey there! Welcome to 2025!

A few notes about the end of last year and how I’m approaching this year:

• I relaunched my website, separately from the newsletter. So happy with the new design, which is quite similar to the last one before I merged it with Beehiiv. Beehiiv is great as a newsletter platform, but I need more control over my content—just like I’ve been preaching all these years. Beehiiv was a nice consolidation step and now we’re moving towards the ideal. Markdown / Vite, if anyone is curious. Still lots of work to do on it. PREVIEW THE NEW SITE

• End of 2024: Spent over 60 hours optimizing my productivity and tooling for 2025. That’s notes, automation, AI workflows, processes, computer, network, operating system, text editor, app launcher, menu bar, keyboard shortcuts….basically everything. Releasing a video on it for members next week. And it’s the topic of this month’s mid-month meetup as well.

• For 2025: More focus and more discipline. My primary projects for 2025 will be launching SamePage and Human 3.0, with building out my own Daemon and doing other broadcast/tech/H3 related stuff will be the ever-present secondary.

• Here’s what I expect for 2025:

  • A lot of chaos that comes with a lot of opportunity

  • A bias towards action, i.e., people who act will have the advantage

  • The AI companies move towards Agents

  • Many AI companies start failing because they were riding hype

  • Big Tech and truly innovative AI companies start to hockey-stick

  • Developers switch from minor AI assistance to largely AI-based dev

  • It becomes more obvious that AI will replace lots of knowledge work

  • The AI discourse switches from ASI to human work replacement

  • More people start asking what humans are supposed to do post-work

It’s going to be wild, and I’m happy to be on the ride with you.

Daniel

SECURITY

A US Army soldier was arrested for allegedly selling AT&T and Verizon customer data as the hacker "Kiberphant0m". The 20-year-old communications specialist Cameron Wagenius allegedly stole and leaked sensitive call records, including what he claimed were logs from presidential candidates. MORE

There’s a critical security release for iTerm2 fixes a remote code execution vulnerability in the terminal emulator's renderer process. But you should be switching to Ghostty anyway! MORE | GET GHOSTTY

China has turned one of its most prominent pro-democracy dissidents into a spy by threatening his sick parents. Tang Yuanjun, a Tiananmen Square protest participant and exile living in New York, was arrested by the FBI in August 2024 for collecting intelligence on fellow activists for Beijing. MORE

Amnesty International says attackers used a HomeKit vulnerability to deploy Pegasus spyware on Serbian journalists' and activists' iPhones. MORE

Holy crap: Russia is using Ukrainian kids to help them target airstrikes by having them play "quest games" that involve taking photos and videos of military targets. The FSB recruited two separate groups of 15 and 16-year-olds in Kharkiv who were asked to visit specific locations and take pictures of the surroundings, which were then targeted in airstrikes. MORE

Microsoft says it's going to delete passwords for a billion users as password attacks double every year, and they’re now blocking 7,000 password attacks per second. 🤯 MORE

The Treasury Department got hacked through their BeyondTrust remote support software by Chinese state hackers. The attackers stole a key used for cloud-based tech support that let them access multiple Treasury workstations and view unclassified documents. MORE | MORE

A vulnerability in Nuclei that lets attackers bypass template signature verification to execute malicious code has been fixed in version 3.3.2. They patched back in September. NOTE: I’m an advisor there. MORE

This is a solid breakdown of how to use ANY.RUN's Threat Intelligence Lookup for proactive threat detection. The article walks through five key approaches including regional threat monitoring, artifact verification, TTP tracking, threat evolution monitoring, and report enrichment. MORE

Congressman Mike Waltz says the incoming administration plans to shift from defense to offense in cybersecurity, specifically calling out Chinese threat actors Salt Typhoon and Volt Typhoon. Yes please. MORE

Missile attacks have now become the leading cause of commercial airline passenger deaths. 926 people have been killed by missile strikes since 2014, compared to 458 deaths from traditional accidents during the same period. MORE

A wilderness survival instructor spent two years infiltrating multiple militia groups, including becoming a top leader in AP3 and gaining access to Oath Keepers leadership. The mole, identified only as John Williams, gathered extensive documentation showing militia ties to law enforcement and surveilled a student journalist, ultimately going public with what he learned. MORE

AI / TECH

Sam Altman claims in a new blog post that OpenAI has figured out how to create AGI. And he predicts AI agents will "join the workforce" in 2025. MORE

The CIA built a tiny robot dragonfly spy in the 1970s that could fly 200 meters to deliver miniature laser reflectors for eavesdropping. The "insectothopter" used a gas-powered fluidic oscillator to flap its wings 1,800 times per minute and could be controlled by an infrared laser beam, though it struggled with crosswinds above 7mph. MORE

Waymo's autonomous vehicles are showing they're significantly safer than human drivers in San Francisco. The company's data shows its robotaxis have an accident rate 6.7 times lower than human drivers in similar conditions, with only 0.41 crashes per million miles compared to humans' 2.75. MORE

United Airlines is moving fast to roll out Starlink internet on their planes, and I absolutely can’t wait. I’m really hoping it’s a simplified connection process too, more like JSX. On a JSX flight you connect to wireless once when you first board the plane, with no password and while still on the runway, and you’re good for the whole flight. Like it’s so good you can have a Zoom call if you wanted to. More people on a 767, though. MORE

The Vision Pro just got an incredible planetarium experience through its Theater app update, letting you turn your room into a full dome theater where you can view the stars. This was a special thing for me growing up where we would have field trips to the Planetarium in San Francisco. It’s why I’m into Astronomy today. Can’t wait to play with this! MORE

Den Delimarsky makes a compelling case for owning your own corner of the internet rather than relying entirely on major platforms. He argues that while big platforms like YouTube and Reddit are useful, they increasingly optimize for engagement and monetization rather than interest and personality. This is the same argument I’ve been making here for like 15 years, but it’s good to hear it from someone else. MORE

HUMANS

The Chart of Everything — The Economist created a stunning visualization showing how literally everything in existence emerged from the Big Bang 13.8 billion years ago. The key insight is that all objects are essentially particles frozen in time at a higher density than their surroundings as the universe expanded and became less dense around them. The chart traces this progression from pure energy through elementary particles, atoms, and eventually to stars, planets, and life itself. MORE

Paul Cohen makes a compelling case for universities to start training polymaths again instead of specialists, arguing that modern problems like climate change and sustainability require broad, systems-level understanding. MORE

A massive 44% of US unicorn founders between 1997-2019 were born outside the US, showing just how crucial immigration is to American innovation. Indian founders led the pack with 90 individuals, followed by Israel (52) and Canada (42). MORE

A survey of 86 convicted burglars confirms that security cameras and alarms actually work as deterrents. Most inmates said they'd skip houses with visible cameras, and they bolt when alarms sound. MORE

IDEAS

Bet on Doers That Treat Failure as Fuel
Jensen Huang just released a massive amount of stuff yesterday, including a new personal AI computer and new GPUs. But the biggest signal I’m getting from him/them is that he’s all in on robotics. I mean most people are still lagging on AI, and he’s already on robots. I am heavy in both NVIDIA and TESLA mostly because of the leaders, not necessarily for any particular product. They both just happen to think AI and Robotics are the future, though, which I also believe. The bigger point is that they are absolute freaking machines. They are thinking all the time. Executing all the time. Non-stop. They couldn’t stop if they tried. Those are the types of people I bet on because it doesn’t matter if/when they fail. They just dust off and keep going. MORE | MORE | MORE

DISCOVERY

Shift — A new Caido plugin product by my buddies Joseph Thacker and Justin (rhynorater), who won Google's LLM Bugswat. It works like Copilot for web app testing, letting you control the proxy using natural language instead of complex syntax. It can generate contextual wordlists and create match & replace rules on the fly, plus it's highly customizable with custom memory and instructions. MORE

Brand AI Analysis Tool — Someone made a cool agent that shows you how ChatGPT perceives and recommends different brands compared to their competitors. The tool analyzes direct comparisons, assumed buyer personas, and specific recommendation scenarios between any two brands. MORE

Hitting OKRs vs. Doing Your Job — A great explanation of how OKRs should focus on new initiatives and changes rather than duplicating regular work tracking. The key insight is that OKRs work better in project-based work (like Marketing) compared to product work (like Engineering) because projects naturally fit into quarters while product work is ongoing. MORE

Raspberry Shake — A line of professional-grade seismographs for home and educational use that can detect ground movements smaller than 1/100th the width of a human hair. MORE

25 Useful Ideas for 2025 — A fascinating collection of mental models and concepts that can help improve your thinking and decision-making in the new year. The list includes gems like how small problems can be worse than big ones (Region-Beta Paradox), and how teaching others is the best way to learn (Protege Effect). MORE

📚 Thank You, Everything — A new children's book explores gratitude through the Japanese concept of tsuumogami, where objects gain souls after 100 years of service. The story follows a character thanking everything from bicycles to fog to caterpillars, illustrated by artist duo Icinori (Mayumi Otero and Raphael Urwiller). MORE

14 Wild Ideas — Robin Hanson shares some fascinating predictions about the future, including that by 2100 most "people" will be immortal computer simulations, and that our nearest intelligent aliens are millions of light years away. He believes at least a third of these wild ideas are likely true. MORE

SF Purity Test — Someone made a hilarious checklist scoring system for how deep you are in SF tech culture, with items like "Applied to OpenAI", "Switched from ChatGPT to Claude and back", and "Told someone you won't date because AGI is coming". MORE

yolo-security — Someone made a parody pentesting company website that generates empty pentest reports to make management happy, complete with fake findings, pretty charts, and executive summaries. MORE

Python One-Shot Tools — Simon Willison shares a clever way to build Python tools using Claude and uv run, where a single prompt can generate a complete working script with dependencies. MORE

CF-Hero — A new tool for finding the real IP addresses behind Cloudflare-protected websites by checking multiple data sources and determining which domains are actually using Cloudflare protection. MORE

Technical Debt is Entropy In Software — An argument that entropy helps explain technical debt in software development, with tech debt representing the integral of software complexity over time. MORE

Types Make Hard Problems Easy — A detailed look at how leaning into type systems (especially TypeScript) can make complex programming problems much simpler, with a focus on letting types flow through the system and making illegal states unrepresentable. MORE

Jetson — Speaking of NVIDIA, I want this. They just released a $249 AI computer that's half the price of the previous model, aimed at hobbyists and small companies. The device is designed to be the "brain" for robots and industrial automation projects, letting them run AI computations directly on the hardware. MORE

NVIDIA Project Digits — Oh crap I want this too. “With Project DIGITS, users can develop and run inference on models using their own desktop system, then seamlessly deploy the models on accelerated cloud or data center infrastructure.” MORE

The Ars Guide to Mechanical Keyboards — A really solid intro to mechanical keyboards that explains why people love them so much. Every key has its own switch with a physical spring (unlike membrane keyboards), and Cherry's 1980s switch designs are still the foundation for most modern keyboards. MORE

lobhn — A neat little tool that shows you which stories are being discussed on both Lobsters and Hacker News, with direct links to both discussions. MORE

RECOMMENDATION OF THE WEEK

When dealt chaos, find a way to benefit from it. 2025 might be completely insane, but like Littlefinger said, “Chaos is a ladder.” He died in the end, but it’s still a good lesson.

Seriously though, there is tremendous opportunity in change.

Treat it as a chance to remake yourself into what you are supposed to be. Start the venture. Build the company. Get the better job.

If chaos comes for you, embrace it. Reflect it back. Soak it in and use its strength to improve.

APHORISM OF THE WEEK

Thank you for reading. Please forward to a friend and/or share on socials to help support the work. 🫶🏼

Daniel