UL NO. 468 | TELOS Patterns, Apple 0-Day, Gumroad Replaces Developers with AI
Also: A new threat modeling framework for AI, an API security report, and being paralyzed by crisis

Hey, happy Tuesday,
A few updates…
AUGMENTED v3 (Building your TELOS files) was a massive success. Most fun I’ve had teaching a class. Thank you to all who attended; your live input really made it special.
Going back to roots on story format here. If it’s one sentence it’s one sentence. Writing it myself, and only using the AI for the data/stats/facts extraction. I was already writing in pretty much every summary, but I find it’s better if I start from scratch and write the whole sentence myself. Curious if / how much you notice.
Created a bunch of new Fabric Patterns focused on analyzing your TELOS file/journal for personal development. They start with t_. LINK
Sorry for the super loud DnB music in my last video on Raycast. Having a serious conversation with my production team about all the “edit” keywords being left in my videos/podcasts (where I sneeze or clear my throat), and now this music thing. I like the team, but too many things are making it through. Working on it. Oh and we’ll re-release the Raycast video soon without the annoying bit. Although it is hard to apologize for DnB.
Had some shenanigans with an automated post to my X account yesterday. First thought was my user/pass being compromised (whew!) but I maintain good password hygiene / 2FA. Turns out it was a Twitter/X application posting from “inside the house”. So if you have any Twitter/X apps running in the Twitter/X infrastructure, consider turning them off, or at least watching them closely. Could be something going on back there 👀 .
SECURITY
Someone's using 2.8 million IPs to brute force the passwords of basically every type of VPN and firewall device out there. Most of the IPs are in Brazil. LINK
Sponsor
Reduce Your Phishing Triage Time by 95% with Material
Security teams need to balance the critical risk of modern phishing attacks against the simple fact that there are only so many hours in a day. Far too much time is wasted on manually triaging, investigating, and remediating: every minute spent chasing false positives is a minute not spent on mission-critical tasks. Trusted by companies like Lyft, Databricks, and Carta, Material Security helps strike the right balance with AI-powered detections and truly automated remediations across your productivity suite, along with flexible controls and granular settings that match your needs.
Apple just patched another zero-day that Citizen Lab says was being used in "extremely sophisticated" targeted attacks against specific journalists and dissidents. LINK
Ken Huang from CSA released a detailed framework called MAESTRO for threat modeling AI agents. LINK
It addresses gaps in existing models like STRIDE and PASTA that don't handle AI well
Covers emerging threats like goal misalignment, model extraction, and adversarial attacks
Researchers at WatchTowr discovered ~150 abandoned Amazon S3 buckets that had been used by major software companies, governments, and infrastructure pipelines. The concern is attackers using them for supply chain attacks. LINK
Sponsor
See the Future of Real-Time Cloud Security
Cloud threats are evolving—are you ready? Join Symphony 2025, the premier virtual summit where top experts reveal how to stop cloud-first attacks faster. Gain exclusive threat intel, experience game-changing demos, and get a first look into the bold future of cloud security, unified with the world's leading SecOps platform.
Cloudflare had a significant outage because someone tried to block a phishing URL and accidentally turned off their entire R2 storage service instead. Here's their always strong post-mortem on what happened. LINK
Wallarm released a report on API security that includes a bunch of stats on AI services using APIs. Their big takeaway is that AI security is largely API security, which I 70% agree with. LINK | REPORT
An ex-Google engineer is facing espionage charges for passing confidential IP to China. LINK
Estonia, Latvia, and Lithuania just cut their last major tie to Russia by switching their power grids from the Soviet-era system to the European continental network. LINK
Russian drone operators received boobytrapped headsets, but they had bad packaging that made them suspicious. LINK
AI / TECH
Gumroad says they're no longer hiring junior or mid-level engineers because AI is handling most of that work now. Sahil the CEO says AI is doing 80% of what junior devs can do, and going forward he’ll only hire seniors and architects that use AI. LINK
💡 I’m one of the most bullish guys on AI you’ll find, but this seems early to me. I wonder if these numbers are actually correct on the ground. I use these same tools every day and there’s still a lot of daylight between them and a human with a 105 IQ. Maybe not at pure coding, but at the stuff right adjacent to coding.
One of ChatGPT's main architects, John Schulman, left Anthropic after only 5 months, saying he wants to focus more on AI alignment research. Rumor is he might join Mira’s new startup. LINK
A new demo shows an OpenAI assistant having a remarkably natural sales conversation, handling objections and questions while not lying about the fact that it’s AI. LINK
Anthropic released an Anthropic Economic Index Report on how AI is being used in the workforce. They see 36% of people use AI for at least a quarter of their tasks, with most focused on augmentation rather than automation. LINK
Lee Robinson says AI is finally enabling truly “personal” software, where people can build exactly what they need without extra bloat (home cooking vs. restaurants) LINK
LinkedIn is testing an AI tool where you just talk to the interface about what you’re looking for and it returns results. I mean…another way to say this is that LinkedIn is testing a new tool that uses the UX modal that everyone will soon be using.
Chick-fil-A is using drones to fly over, study, and optimize their drive-thrus, helping them achieve the highest per-restaurant revenue in US fast food. Their aerial "Film Studies unit" helped one location boost drive-thru sales by 50% in 2022. LINK
They’ve got a new Atlanta location serving 700 cars per hour
Drive-thrus account for 60% of total revenue
Some locations don’t even have dining rooms
Apple's making a smart home display called the HomePad, which is basically a 7-inch square display that you can put anywhere to control your house. LINK
Uber is in a weird spot because they’re just the middle-man between users and a service like Waymo. They have lots of partnerships with autonomous vehicle companies, but if someone like Waymo wins, why wouldn’t people just use the Waymo app? LINK
TED's Chris Anderson is looking for someone to take over the entire TED organization, and he's running the search like a Willy Wonka contest where anyone can apply. LINK
Christie's is doing their first AI-only art auction, and a lot of traditional artists are pretty pissed about it. February 20 in NYC. LINK
HUMANS
Google says they're getting rid of their diversity hiring targets for 2024, calling their policies "positive discrimination", and saying they were facing legal challenges. LINK
They did say they’re not getting rid of hiring underrepresented people, just that they won’t have quotas anymore
Surprising not-surprising that all these programs disappeared overnight on January 21st. What does that tell you?
Tells me they couldn’t wait for a reason/opportunity to do so
Doctors are now a major client base for weight-loss drugs like Ozempic. LINK
NYC's subway crime dropped by 36% in January because they added 1,200 more police. LINK
There were only 147 subway crimes in January 2025 vs 231 in January 2024
They added 1,200 NYPD officers plus 300 specifically for overnight trains
Every overnight train now has a uniformed officer from 9 PM to 5 AM
A measles outbreak is hitting the least-vaccinated part of Texas, with 9 cases in an area where only 82% of kids are vaccinated (95% is what’s needed for herd immunity). LINK
We’re also in the worst flu season in the last 15 years. But COVID was annoying so let’s not talk about it. LINK
One of my favorite thinkers, Robin Hanson, breaks down how different social circles value different status markers. Specifically he looks at how intellectuals like the people he hangs out with pursue and signal value. LINK
He says most intellectuals chase fame and prestige rather than original insight
He believes truly engaged intellectuals should dramatically change focus areas over decades, just because different things are likely to interest them
The highest status in his circle goes to "polymaths" who follow evidence across disciplines
He references circles of moral concern as a relevant framework
After 12 years of Walmart domination, Amazon just jumped ahead with $187.8B in quarterly revenue compared to Walmart's expected $180B. LINK
AWS now makes up 17% of Amazon’s total revenue
Their digital ad business is growing 19% YoY to $14B in Q3 2024
The market values Amazon ($2.5T) at 3x more than Walmart ($826B)
IDEAS
Paralyzed by Crisis
I’m a bit paralyzed by what’s going on right now in politics, and specifically with the government. I cycle between depressed, apathetic, and very angry. Did the government need to be audited and cleaned up? Sure. Is the best way to start from scratch and be aggressive with it? Sure. But you lose me when I don’t see you being careful about programs that matter, and you really lose me when I hear about people making lists of enemies to go after. I’ve also learned not to trust the narratives anymore. If you listen to Joe and Elon this is the best thing ever. If you go on Bluesky we’ve already lost our country. Again, I’m back to escaping through reading. I feel like the only way we’ll really know how good or bad any of this is, is to see the results of it. In 6 months, a year, or two years. Did we really affect the budget? Did we spend that money somewhere better? Are the lights still on? Are kids starving that used to have food? Feels super weak sauce to say wait and see, but I honestly can’t trust any data telling me one thing or another. I’ll judge it by the effects on actual people.
DISCOVERY
llm-exe — Probably the coolest AI library you’ve never heard of. It abstracts your LLM calls to a universal config and handles all the details for you. LINK | GITHUB | EXAMPLE
mtr — Combines traceroute and ping into one super-useful network diagnostic utility. What's really cool about it is that it actively monitors the connection quality between hops in real-time, showing you exactly where network problems might be hiding. LINK
rpg-map-bundle — A collection of print-and-play RPG maps lets you quickly set up tabletop RPG sessions. LINK
A blog in pure .txt files. Why not? Just write. However you do it. LINK
Science is a Strong-link Problem LINK
A frustrated Redditor asked what career options exist for those who consider themselves less intelligent. LINK
RECOMMENDATION OF THE WEEK
Remember there’s only so much one person can do
Good books are always there for you
Supplement with journaling
APHORISM OF THE WEEK
It is one of the blessings of old friends that you can afford to be stupid with them.
Thank you for reading. Please forward to a friend and/or share on socials to help support the work.