<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0"><channel><title><![CDATA[The Atomic 88 Security Blog]]></title><description><![CDATA[A newsletter about the stuff I need to get out of my brain... so probably cyber security, philosophy, career development, and waxing poetic about topics that interest me. ]]></description><link>https://atomic88.blog</link><image><url>https://substackcdn.com/image/fetch/$s_!A7Hj!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb11f7519-7f21-486b-b0a6-8c316ef6c91d_740x541.jpeg</url><title>The Atomic 88 Security Blog</title><link>https://atomic88.blog</link></image><generator>Substack</generator><lastBuildDate>Wed, 08 Apr 2026 10:50:12 GMT</lastBuildDate><atom:link href="https://atomic88.blog/feed" rel="self" type="application/rss+xml"/><copyright><![CDATA[Charles Read]]></copyright><language><![CDATA[en]]></language><webMaster><![CDATA[atomic88@substack.com]]></webMaster><itunes:owner><itunes:email><![CDATA[atomic88@substack.com]]></itunes:email><itunes:name><![CDATA[Charles Read]]></itunes:name></itunes:owner><itunes:author><![CDATA[Charles Read]]></itunes:author><googleplay:owner><![CDATA[atomic88@substack.com]]></googleplay:owner><googleplay:email><![CDATA[atomic88@substack.com]]></googleplay:email><googleplay:author><![CDATA[Charles Read]]></googleplay:author><itunes:block><![CDATA[Yes]]></itunes:block><item><title><![CDATA[Don't Let Your Kids Play Robolox]]></title><description><![CDATA[It all started with horse armor...]]></description><link>https://atomic88.blog/p/dont-let-your-kids-play-robolox</link><guid 
isPermaLink="false">https://atomic88.blog/p/dont-let-your-kids-play-robolox</guid><dc:creator><![CDATA[Charles Read]]></dc:creator><pubDate>Wed, 07 May 2025 14:26:28 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/915971ea-440f-4f8b-9787-c08c776e170f_550x344.webp" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>I love video games. I have since the first time I dug out my dad&#8217;s old Atari 2600 and played Space Invaders. I probably wouldn&#8217;t have had the career I do now if not for video games. In fact, I will sometimes tell this story at job interviews, because of how important it was for the trajectory of my career. Sometime in the mid-1990s I saw a friend running Doom on their 386 and it was over. We&#8217;d had an NES and I saved up and bought a SEGA Genesis, but consoles couldn&#8217;t do ANYTHING as cool as what I&#8217;d just seen in Doom. This led to me begging my parents to get a new computer. We had an IBM clone 8088 from the mid-1980s that could do some light word processing and play the very first versions of Where in the USA is Carmen Sandiego, but it couldn&#8217;t run Doom. What pushed it over the edge was that my father got addicted to using the Internet at work and he wanted to be able to use that at home on the weekends. So, Christmas of 1996 we finally got a modern PC plus an account with a local ISP and an Internet connection running at 33.6 Bps. I spent the next three years tinkering with and upgrading that PC to run all kinds of games from Doom, to Quake, to Dark Forces II: Jedi Knight, the latter of which would introduce me to the world of multiplayer games online via the MS Internet Gaming Zone. This was a VERY different time to be online. We didn&#8217;t have voice chat. Pretty much anyone could be behind a screenname. Games were also VERY different. Outside of the PC, games didn&#8217;t get any updates or patches.
When 1.0 shipped that was it forever because that was the ROM that got burned onto a cartridge. Most games were linear and action-oriented, with some exceptions like the LucasArts and Sierra puzzle/adventure games that owed a strong lineage to text adventures like Zork. I built my first PC as I got ready to leave for college. It was a pretty good gaming PC and I skipped way too much class playing games. But it also led me to become somewhat obsessed with PC hardware and software. I eventually landed a job working in the computer lab and after I graduated those skills translated to a job working on the help desk for a healthcare company.</p><p><strong>The Dark Forest Part 3: Video Games have Changed</strong></p><p>I have a one-year-old son and I&#8217;ve been thinking about how his experience of video games will be very different from mine. Not to be all old man shaking fist at cloud, but I am not convinced this difference will be a good thing. Why? Because video games have changed radically thanks to shifting economic forces that have led to squeezing profits out of games in a way that has fundamentally reshaped the way they are made and the way that they are played.
Video games, unfortunately, are as much a part of the Dark Forest as any other type of modern technology.</p><p>I think it started 19 years ago when Bethesda introduced the first paid downloadable content for The Elder Scrolls IV: Oblivion. PC games traditionally had been very open and easily modified by the community of players. Bethesda had a business idea, though, to offer a purely cosmetic item for your in-game horse for $3. They saw it as a potential revenue stream on top of the purchase price of the game. The community laughed at them and moved on, but the handwriting was on the wall. From that point forward games became harder to modify, with exceptions, and more and more content was gated behind the downloadable content paywall. Most of the time the DLC was cosmetic or maybe added a new level to the game, although several massively multiplayer games would offer huge expansions that were almost a whole game&#8217;s worth of content by themselves. Over time this wasn&#8217;t enough, and it evolved into &#8220;loot boxes&#8221; which meant you paid money for the opportunity to spin a digital wheel and HOPE that you got the item you had wanted. This essentially amounts to gambling and children can do it. Some European countries and China have recognized it as gambling and banned the practice. With the rise of mobile gaming on smartphones we then started to get &#8220;Gacha&#8221; games coming over from Japan. This style of game combined loot boxes with live services to entice people to keep playing. But the most recent evolution has been the movement towards the &#8220;Forever&#8221; game or as I like to call them, Games as a Service (GaaS). This combined all the addictive properties of loot boxes, live services, &#8220;freemium&#8221; and the subscription fees model to keep people trapped in a persistent treadmill that becomes extremely difficult to get off of. The whole idea of the Forever games is that you won&#8217;t need to ever play anything else.
Fortnite and Roblox are examples of these Forever games, and they are squarely aimed at children. From the business perspective, the goal is recurring revenue by entrenching your player base so they never stop playing. Why sell a game once when you can sell it once and then extract more profit from the buyer in the form of a never-ending revolving door of new content of questionable value? Some developers have even resorted to the use of so-called &#8220;dark patterns&#8221;, methods for manipulating the player into doing something they may not otherwise willingly do and that may be against their best interests. They exploit cognitive bias to drive user engagement and retain attention. These strategies are starting to draw the attention of federal regulators. In 2023 the FTC required Epic, the maker of Fortnite, to pay $245 million to consumers to settle charges they used dark patterns to manipulate children into making purchases in the game.* Unfortunately most game developers are seemingly prowling around the Dark Forest, like most other companies, looking for someone to devour.</p><p>So what do we do? The simplest answer is don&#8217;t let your kids play video games. But like most things in life, the simplest answer is often the incorrect one. The right answers are usually hard ones that come at the cost of the investment of our time and effort. In this case I think we must meaningfully engage with our kids and video games. Although I do think a good first step is not to let our kids have access to freemium model or GaaS style games like Roblox and Fortnite. This is going to be incredibly difficult due to their popularity. But Minecraft is equally as popular and doesn&#8217;t have to be nearly as exploitative. The next step is to learn about games, if you aren&#8217;t a gamer. In the old days kids would just ask for a game for a holiday or birthday gift, and we would buy it without a thought.
Now you need to spend time researching a game and engaging with your kids to understand why they are interested in it. You may need to find a way to redirect them to a game that&#8217;s more appropriate, but you can&#8217;t do that without knowing what to redirect them to. Also, go old school. The platformers we grew up with like Super Mario World and Sonic the Hedgehog are still good games but have also given birth to successive generations of platformers that are just as amazing. Games like Fez, Celeste, and Shovel Knight mix puzzle and problem solving with jumping and moving. Celeste is especially good because it offers lots of options for tuning the difficulty and accessibility. If you really want to play it safe, Nintendo is still incredibly popular and always a safe option. They have largely resisted the move towards freemium, GaaS and microtransactions. They do lock their library of classic games behind a subscription service, which is a bummer. They are also adding voice and video support for their latest console/handheld the Switch 2, so that will require more monitoring. Gaming on smartphones and tablets is largely a very different animal. I honestly just stay away from that altogether. However, Apple Arcade is a great subscription service that offers a lot of games without the distraction of ads. The games on the service usually aren&#8217;t the type to keep you on a treadmill, but still do your research. Finally, don&#8217;t give in to moral panics. There is a long tradition of blaming games for societal or behavior problems. It&#8217;s a simple answer, which, in this case, means it&#8217;s wrong. Things like the Dungeons and Dragons** moral panic of my childhood or the rush to blame violent games for school shootings have no basis in fact.*** Don&#8217;t form your opinions about video games based on a Facebook post made by crunchy Karen down the street. But seriously, why is anyone even still on Facebook?
Well, I guess you could get some cheap used game on Marketplace.</p><p>If you want to go deeper on this topic or are just looking for a good resource, the longtime games journalist Patrick Klepek has an excellent newsletter/blog called Crossplay where he is entirely devoted to the subject of kids and games. It&#8217;s linked below and I highly recommend it.</p><p>If you want to catch up on my Dark Forest series, you can find them <a href="https://atomic88.blog/p/the-dark-forest-part-1">here</a> and <a href="https://atomic88.blog/p/the-dark-forest-part-2">here</a>.</p><p>Sources:</p><p>*<a href="https://www.ftc.gov/news-events/news/press-releases/2023/03/ftc-finalizes-order-requiring-fortnite-maker-epic-games-pay-245-million-tricking-users-making">https://www.ftc.gov/news-events/news/press-releases/2023/03/ftc-finalizes-order-requiring-fortnite-maker-epic-games-pay-245-million-tricking-users-making</a></p><p>**<a href="https://www.bbc.com/news/magazine-26328105">https://www.bbc.com/news/magazine-26328105</a></p><p>***<a href="https://fortune.com/2023/05/02/stanford-researchers-scoured-every-reputable-study-link-between-video-games-gun-violence-politics-mental-health-dupee-thvar-vasan/">https://fortune.com/2023/05/02/stanford-researchers-scoured-every-reputable-study-link-between-video-games-gun-violence-politics-mental-health-dupee-thvar-vasan/</a></p><div class="embedded-publication-wrap" data-attrs="{&quot;id&quot;:1163072,&quot;name&quot;:&quot;Crossplay&quot;,&quot;logo_url&quot;:&quot;https://substackcdn.com/image/fetch/f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff5f3e0c7-4fcc-4baf-af14-808fc3dd069b_1280x1280.png&quot;,&quot;base_url&quot;:&quot;https://www.crossplay.news&quot;,&quot;hero_text&quot;:&quot;A newsletter at the intersection of parenting and video games.&quot;,&quot;author_name&quot;:&quot;Patrick 
Klepek&quot;,&quot;show_subscribe&quot;:true,&quot;logo_bg_color&quot;:&quot;#ffffff&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="EmbeddedPublicationToDOMWithSubscribe"><div class="embedded-publication show-subscribe"><a class="embedded-publication-link-part" native="true" href="https://www.crossplay.news?utm_source=substack&amp;utm_campaign=publication_embed&amp;utm_medium=web"><img class="embedded-publication-logo" src="https://substackcdn.com/image/fetch/$s_!VMdY!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff5f3e0c7-4fcc-4baf-af14-808fc3dd069b_1280x1280.png" width="56" height="56" style="background-color: rgb(255, 255, 255);"><span class="embedded-publication-name">Crossplay</span><div class="embedded-publication-hero-text">A newsletter at the intersection of parenting and video games.</div><div class="embedded-publication-author-name">By Patrick Klepek</div></a><form class="embedded-publication-subscribe" method="GET" action="https://www.crossplay.news/subscribe?"><input type="hidden" name="source" value="publication-embed"><input type="hidden" name="autoSubmit" value="true"><input type="email" class="email-input" name="email" placeholder="Type your email..."><input type="submit" class="button primary" value="Subscribe"></form></div></div>]]></content:encoded></item><item><title><![CDATA[Quick Hit Book Reviews]]></title><description><![CDATA[As referenced in some other blog posts, I&#8217;m making an effort to refocus and retrain my attention span by shedding certain social media consumption habits and reading more books.]]></description><link>https://atomic88.blog/p/quick-hit-book-reviews</link><guid isPermaLink="false">https://atomic88.blog/p/quick-hit-book-reviews</guid><dc:creator><![CDATA[Charles Read]]></dc:creator><pubDate>Mon, 21 Apr 2025 00:46:29 GMT</pubDate><enclosure 
url="https://substack-post-media.s3.amazonaws.com/public/images/7e887b09-8683-4314-b34f-552b0da6a402_2560x1707.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>As referenced in some other blog posts, I&#8217;m making an effort to refocus and retrain my attention span by shedding certain social media consumption habits and reading more books. I&#8217;d promised book reviews for each item as I went, but I figured I&#8217;d do some quick hit book reviews right now just to cover what I read in Q1 of this year. Overall, it was a pretty good mix of different types of literature.</p><p><strong>Translation State by Ann Leckie</strong></p><p>I got off to a rough start with this one in early 2024 and put it down. Leckie&#8217;s Imperial Radch Trilogy aka the Ancillary books are some of my favorite space opera style science fiction in the past decade. Translation State is set in the same universe and fills in some interesting background on one of the most mysterious characters from those books, The Presger Translators.
My expectations were a bit too high, but I jumped back in and plowed through this in January and really enjoyed it once the three intertwined plots started to make more sense as their orbits came closer to each other.</p><p><strong>Not Till We Are Lost by Dennis E Taylor</strong></p><p>This is the fifth book in the Bobiverse series. If you aren&#8217;t familiar, it&#8217;s the story of a slightly above average IT worker who knows a bit about science who has their consciousness transferred into a von Neumann probe shortly after their unexpected demise. They then set about to explore the galaxy. I can&#8217;t even begin to explain the places this series goes. I really enjoy it because it uses an extremely realistic physics model to underpin its hard science fiction. It&#8217;s like the antithesis of the Star Trek model of magical science that solves the problem by the end of the episode. This entry in the series was a good bit shorter than the last one and felt like it mostly existed to advance the overarching meta narrative story that Taylor is telling over the course of 10-11 books. However, it did put a large plot point into place that pivots the series in a definitive direction, after book four felt a bit aimless.</p><p><strong>The Sprawl Trilogy by William Gibson</strong></p><p>Neuromancer represented a massive hole in my cyberpunk library. When I found out that the Ranged Touch podcast on genre fiction was going to be tackling the whole Sprawl Trilogy I knew it was going to be a great time to jump in and read along with them. Gibson&#8217;s writing is absolutely fantastic when it comes to being uniquely descriptive of the world and its characters. The guy can just flat out write a kick ass sentence that will stick with you. He&#8217;s a very gifted short story writer and that might be why a lot of these three novels feel very much like several short stories strung together. Neuromancer is brilliant and a true classic that everyone ought to read.
But I think you can skip Count Zero and Mona Lisa Overdrive. I don&#8217;t think Gibson wanted to write a sequel to Neuromancer and I&#8217;ve heard the other two books essentially described as a sequel in two parts. He&#8217;s said in interviews that the sequels were part of a publishing contract and the third book was really tough to write. It shows. They still have some sublime writing. I think Count Zero is the more interesting of the two.</p><p><strong>Altered Carbon by Richard K Morgan</strong></p><p>This is one of the few books I come back to periodically and reread. If you watched the Netflix series, please, please read the book. It&#8217;s superior in every possible way. That said, the author has expressed some very problematic views in the past few years so if you pick up a copy try and find a used one or borrow it from someone, so you don&#8217;t put money in his pocket. With that out of the way, this book is a great cyberpunk-adjacent science fiction noir detective story that has some nice twists and turns. The basic premise is what if everyone could have a copy of their mind permanently stored and loaded into a clone of their body or, in many cases, the body of someone that has committed a crime and had their body sold for use? Also, what are the implications for society when the ultra-wealthy are functionally immortal and the criminals that orbit them are just as immortal?</p><p><strong>Steve Jobs by Walter Isaacson</strong></p><p>I read this one on and off throughout 2024 and then finally buckled down and finished up the last few chapters, covering the end of Jobs&#8217; life, back around the beginning of this year. Isaacson does a good job (not a pun) showing all the angles of Jobs&#8217; personality and it&#8217;s not always flattering. It is an extremely good biography that I think most people in my age bracket will appreciate reading.
The conclusions you draw and opinions you form about Jobs will really be shaped by your own personal context but also by what you may be looking for in Jobs. For a lot of business types Jobs is the equivalent of the messiah. I think you have to have really skipped a lot of this book to still hold that opinion. I&#8217;m going to reserve a lot of my thoughts for another standalone post. However, I will add that in the 10<sup>th</sup> anniversary edition Isaacson adds some material and in one part he asks Jobs why he wanted to do the biography. Jobs replies, as he lies dying, that he wanted his kids to know him. If your kids need a biography to know you&#8230; well, I can&#8217;t imagine the level of regret I&#8217;d feel if I ever had to utter those words. If your kids need a biography to know you, then you spent too much time pouring your life into the wrong things.</p><p><strong>Hackers: Heroes of the Computer Revolution by Steven Levy</strong></p><p>This is probably the longest and densest of these books. It covers decades of history of the computer revolution. Honestly, if you are in IT or just love technology you really ought to read this book. It gives an amazing depth and context to the past 75 years of computing. It is so easy to take for granted how far we have come from things like the PDP-1 and guys hacking together model railroads to things like the iPad. We wouldn&#8217;t have any of the modern Internet without the hackers who dreamed of ways to bend systems and make computers do things no one ever thought possible. This book also makes a wonderful companion to the Jobs biography because it gives massive amounts of historical context to what was happening on the west coast as Jobs and Woz were building computers in a garage with a bunch of other guys who were just as smart.
It was just that most of those guys didn&#8217;t want to build a business.</p><p><strong>How to Work with Almost Anyone by Michael Stanier</strong></p><p>There are a lot of THESE types of books out there. I really don&#8217;t care for most of them. The big difference here is that I think Stanier genuinely wants to help improve business communication between colleagues. The book still has its gimmick, like all these books do, but I also find that it has very valuable self-inventory exercises at the end of each chapter. Ultimately working on yourself and your own communication skills is going to be how you bridge the gap with coworkers. If you have the choice between this book and others, like Crucial Conversations, I&#8217;d highly recommend this one. Also, it&#8217;s a relatively short read and doesn&#8217;t overstay its welcome like several classics of this genre.</p>]]></content:encoded></item><item><title><![CDATA[The Dark Forest: Part 2 ]]></title><description><![CDATA[The practical one...]]></description><link>https://atomic88.blog/p/the-dark-forest-part-2</link><guid isPermaLink="false">https://atomic88.blog/p/the-dark-forest-part-2</guid><dc:creator><![CDATA[Charles Read]]></dc:creator><pubDate>Thu, 10 Apr 2025 17:36:08 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/92c02b8f-d609-4427-8d20-585225c03b53_1906x798.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>In my last post on this topic I spent a lot of time talking about the changing nature of the marketplace around digital services, from search engines, to email, to social media, and it seems like we&#8217;re getting a continuously degraded experience. I directly asked the question:</p><p>&#8220;So if these platforms provide no value AND provide no privacy what incentive do I have to keep using them? Is the occasional funny cat video worth dealing with all the garbage while these platforms monetize me?&#8221;</p><p>Your answer to that question may be different from mine. Recently I came across a blog post from a security researcher who got very curious about how mobile apps use location data. We all realize that some apps, like Maps, obviously need our location to be useful to us. But a surprisingly large number of apps are constantly asking for our location and not always in the way you might expect. It is almost always tied to some type of ad tracking system. Where this becomes dangerous is when large analytics firms that collate this data, for advertising, then experience a security breach*. What&#8217;s more shocking is that for around $10k USD anyone can subscribe to one of these analytics firms and find just about anyone&#8217;s location if you know a little bit about them.**</p><p>Alright, so this is the practical post. How can we once again hide ourselves in the dark forest of the internet in a way that keeps us from being consumed by the savage beasts hunting for our data?</p><p>Step 1: Start with mobile. Your smartphone is always with you and always on. This is by far the greatest source of data about you. Verify your privacy settings to ensure that apps that don&#8217;t ever need your location information don&#8217;t have access to it. Adjusting this setting won&#8217;t guarantee that apps don&#8217;t still have some type of access to your location via IP address and reverse DNS lookup. This is a common trick used by in-app advertising. I am on iOS devices pretty frequently, so I use an app called 1Blocker.
It has a free tier that allows you to choose one of its blocking types, but has a paid tier for $15/yr that unlocks all the filters. I find this a good value and very useful. Also, if you are on iPhone enable the Do Not Track setting. It&#8217;s debatable how much companies actually respect this flag, but every bit helps. Make sure you also disable personalized ads wherever possible in iOS. Lastly, if you are an iOS user take some time to consider if enabling Advanced Data Protection fits your threat model. iCloud ADP end-to-end encrypts your data in iCloud, which means only your trusted devices can access it. If you lose that device and have not properly set up a recovery option, Apple will not be able to recover that data for you. But in exchange for that risk, your data is fully secured from just about everyone.</p><p>Step 2: Ditch Chrome on the desktop/laptop. There are a lot of other web browsers that have the same or better performance and don&#8217;t force you to sacrifice privacy. I really like Firefox. Just watch out for some of the scam browsers that might be using the spare CPU cycles of your computer to mine cryptocurrency. I am looking at you, Brave. The upside of ditching Chrome is that most other browsers still support ad-blocking extensions like uBlock Origin.</p><p>Step 3: Now I show you how far the rabbit hole goes. Did you know that you can search the web without using Google? Shocking, I know. And no, I am not talking about sad little Bing over there in the corner offering its little rewards. A few months ago I discovered SearXNG. It&#8217;s an open source meta search engine built for better privacy and better results***. It aggregates results from other engines and sort of acts as a proxy for your queries, so you stay anonymized. If you are a power user you can even self-host an instance of it, but it&#8217;s probably easier to go to https://searx.space/# and pick an instance. I just opt for the fastest one.
It&#8217;s not as fast to return results as Google, but it&#8217;s close and it&#8217;s not overly burdened by algorithmic up ranking for advertising purposes. It&#8217;s pure, uncut web.</p><p>Step 4: Okay now the nuclear options. How good do you feel about hosting your own DNS firewall server? What&#8217;s DNS? Well that&#8217;s how a web browser translates the domain name in a URL into an IP address so it can find the site on the World Wide Web. Don&#8217;t be intimidated! This is much easier than it&#8217;s ever been. Thanks to a little application called Pi-hole****, you can easily run this at home. You can run it on a wide variety of hardware or even virtualized. I won&#8217;t do a tutorial here. Others have covered it much better. Essentially Pi-hole is a DNS server that you give a custom block list of sites, which it then uses to drop web address requests sent by applications that may not respect your privacy; it can even prevent malicious behavior. Head to https://pi-hole.net/ to get started. The other nuclear option is one that is kind of annoying. There is a browser plug-in called NoScript Security Suite*****. It&#8217;s been around for an extremely long time and it&#8217;s extremely powerful and granular. It takes a long time to tune because you must adjust settings for every site you visit. Almost all the modern web is built on JavaScript of some flavor. NoScript lets you intercept and prevent that JavaScript from running unless you say so. This is really an advanced approach and I do not recommend it unless you have the extra time to tune it and understand enough about how websites work. With NoScript enabled a lot of websites will initially look very broken, until you go in and enable functions one by one.</p><p>Let me know if you have other practical steps you like to take to improve your privacy. Several sites, including Wired, have recently updated and revised their privacy guides and I highly recommend checking them out.
Maybe that can be your first SearXNG web search?</p><p>Sources:</p><p>*https://timsh.org/tracking-myself-down-through-in-app-ads/</p><p>**https://www.404media.co/hackers-claim-massive-breach-of-location-data-giant-threaten-to-leak-data/</p><p>***https://docs.searxng.org/</p><p>****https://pi-hole.net/</p><p>*****https://noscript.net/</p>]]></content:encoded></item><item><title><![CDATA[Some AI Thoughts]]></title><description><![CDATA[You have to let it all go, Neo. Fear, doubt, and disbelief. Free your mind.]]></description><link>https://atomic88.blog/p/some-ai-thoughts</link><guid isPermaLink="false">https://atomic88.blog/p/some-ai-thoughts</guid><dc:creator><![CDATA[Charles Read]]></dc:creator><pubDate>Tue, 25 Feb 2025 00:15:14 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/4be099b9-2de4-41c1-a132-a840f378221e_780x438.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>I think about AI a lot. Probably because I am embedded deeply in the online AI discourse. I was listening to a podcast over the weekend discussing Microsoft&#8217;s Gaming Division and their new application of an LLM they have trained on game play data.
Their stated goal is to help game developers iterate through new ideas for game play more quickly. I think most people can see where LLM tools will be a boon to some in the gaming industry to help realize large open games more quickly by automating some of the more tedious tasks. But using LLMs to create fresh game play concepts and new intellectual property? If you know anything about how an LLM is trained and the responses it produces to prompts, then you know it&#8217;s basically just giving you an averaged out or token response that happens to be the most frequently occurring bit of data that was in its training set. It&#8217;s constrained by rules and while it sometimes might produce unexpected or novel responses, largely they are geared to reducing things to the mean.</p><p>Last year I started interviewing candidate companies to perform an annual penetration test. Two of those three had offers that relied heavily upon automation and their sales pitches made a very big deal about the AI and machine learning their products used. As I pressed harder to get clarification, I found a real lack of transparency over what the AI was actually doing. In the end I determined that the products they were selling, as described, were more like extremely advanced vulnerability scans. Vulnerability scans can be extremely useful, but they aren&#8217;t the same thing as a pen test. So, I opted for the other company that was providing a more traditional service that included an experienced and certified pen tester that would be applying their expertise to identify gaps in our security controls.</p>
<p>During the course of the pen test the tester communicated openly with our personnel which led to some great collaboration that wouldn&#8217;t have been possible with automated tooling. We also got a nice peek under the hood as they explained some of the pivots and course corrections they made as they simulated an adversary who hit a wall. I&#8217;ve taken some courses on pen testing, so some of this was familiar to me, but I was impressed with the ingenuity and outside the box thinking that was on display. I found myself being reminded of a quote from my favorite movie, The Matrix. Midway through the film Morpheus is explaining the nature of The Matrix to Neo including the programs that guard it, The Agents. He makes a point about the nature of The Agents and their inflexibility: &#8220;<em>I've seen an agent punch through a concrete wall; men have emptied entire clips at them and hit nothing but air; yet, their strength, and their speed, are still based in a world that is built on rules. Because of that, they will never be as strong, or as fast, as *you* can be.</em>&#8221; The Agents only seem like they are invulnerable because they have been programmed to be. But the rules of that programming are a constraint. A constraint that human beings don&#8217;t have. It&#8217;s a pivotal realization for the film&#8217;s protagonist. I think it applies to AI and LLMs pretty seamlessly. </p><p>AI and LLM tools can certainly be additive. They can, like a lot of technological tools, augment our capabilities. 
A recent study from the MIT Sloan School of Management* demonstrated that when AI tools were given to highly skilled workers, in this case software programmers, the effect was a net positive increase in productivity. Software development seems like a pretty natural fit for these types of tools. I&#8217;ve certainly used them on many occasions to create basic scripts for Bash, Python, and PowerShell. But these are highly skilled workers who already have the knowledge to know the right prompts to use to get the results they want and the ability to tell when the output is bad. </p><p>Some people on social media have suggested that AI tools can be handed to anyone of any education level and it will instantly make them capable of performing almost any highly skilled technical role. Quite the opposite, actually. Two recent studies, one from Microsoft**, showed strong negative correlations between the use of AI tools and the erosion of critical thinking skills and a reduction in cognitive effort***. These tools may wind up creating long term damage to our pool of skilled workers. I am not convinced we&#8217;ll ever develop a sufficiently advanced model that can actually replace workers in many fields. So where this could end up is a situation where children and students become so dependent on these tools that we have a labor shortage of skilled and highly skilled workers over the next decade.</p><p>Hopefully a decade from now I can still find a good pen tester that can think outside the box. Because that&#8217;s something even the very best &#8220;AI&#8221; powered vulnerability scanner will never be capable of. 
&#8220;You have to let it all go, Neo.&#8221;</p><p>*<a href="https://mitsloan.mit.edu/ideas-made-to-matter/how-generative-ai-affects-highly-skilled-workers">https://mitsloan.mit.edu/ideas-made-to-matter/how-generative-ai-affects-highly-skilled-workers</a></p><p>**<a href="https://www.microsoft.com/en-us/research/uploads/prod/2025/01/lee_2025_ai_critical_thinking_survey.pdf">https://www.microsoft.com/en-us/research/uploads/prod/2025/01/lee_2025_ai_critical_thinking_survey.pdf</a></p><p>***<a href="https://phys.org/news/2025-01-ai-linked-eroding-critical-skills.html">https://phys.org/news/2025-01-ai-linked-eroding-critical-skills.html</a></p>
]]></content:encoded></item><item><title><![CDATA[The Dark Forest: Part 1]]></title><description><![CDATA[Armed hunters stalking us through the Internet like ghosts...]]></description><link>https://atomic88.blog/p/the-dark-forest-part-1</link><guid isPermaLink="false">https://atomic88.blog/p/the-dark-forest-part-1</guid><dc:creator><![CDATA[Charles Read]]></dc:creator><pubDate>Sat, 25 Jan 2025 22:09:11 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/8c9be500-9992-4c90-878f-f6c4b52a61d5_4000x1798.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>I started off this year by taking a break from Instagram. Why just Insta and not all social media? That&#8217;s a bigger question than it might seem. </p><p>I remember back in college when The Facebook first became available to my university. That&#8217;s right kids, back then you had to have a .edu address to register a Facebook account and it was slowly rolling out one or two universities at a time. It felt exclusive. It also served a very different purpose than it does now. It was just a way to connect with your immediate friends and maybe friends from High School that had gone to different universities. There was no algorithm. There was no feed! You had to go look at individual profiles to see what people were posting. It was a great way to stay connected with friends and, let&#8217;s be honest, a good way to stalk your crush. 
It&#8217;s a far cry from what it is now: a service that serves up endless misinformation and AI slop trying to keep you glued to an app and on a treadmill of engagement, while constantly surveilling you and sucking up every bit of information about you it can so it can resell that to advertisers or whoever the highest bidder might be.</p><p>Over the past couple of decades, I&#8217;ve noticed science fiction becoming more and more cynical. We&#8217;ve always had this in sci-fi; it&#8217;s a major component of the entire cyberpunk genre. I grew up watching a lot of Star Trek and its utopian vision of the future where we meet alien races and go where no one has gone before. Maybe we had a little first contact war, but eventually we get a United Nations of outer space, cool cultural exchanges, and everyone has their physical needs met. </p><p>Contrast this with more recent cynical views of outer space science fiction like The Expanse, Imperial Radch Trilogy, or the Three Body Trilogy. It&#8217;s the last of these that proposed a very interesting counterargument to the Fermi paradox: the Dark Forest theory. 
The Dark Forest hypothesis presumes that any space-faring civilization would view any other intelligent life as an inevitable threat and thus destroy any nascent life that makes itself known. As Liu Cixin, the author, states, it is a "dark forest" filled with "armed hunter(s) stalking through the trees like ghosts". In this scenario the best way to stay safe is to avoid going out in the open. </p><p>In the past few years various bloggers have seized upon The Dark Forest theory as a means to talk about the way we&#8217;re retreating from the open web, driven by big tech and other corporate monsters, to stay in our little corners of the forest where we are hidden and safe.*</p><p>Big platforms care more about monetization than investing in the platform moderation required to protect their users from things like AI slop, disinformation campaigns and conspiracy theories, and are opting to sell user generated content to AI companies for training data. We&#8217;ve reached a tipping point where the owners of these platforms have far more incentive to extract maximum value out of the users without providing any value back, whatsoever. </p><p>An open web held the promise of the utopian vision shared by Star Trek. It was built on open protocols. Now security and privacy are a premium and that&#8217;s if you can purchase them at all. </p><p>Take Google for example &#8211; the introduction of Manifest V3 into Chrome is killing ad blockers while Google is simultaneously removing the requirement that ads sold on its ad network prevent individual device fingerprinting.**</p><p>So if these platforms provide no value AND provide no privacy, what incentive do I have to keep using them? Is the occasional funny cat video worth dealing with all the garbage while these platforms monetize me? Or would I be better off retreating to my own corners of the Internet and building more personal communities? For me, the answer to that last question is &#8216;yes&#8217;. 
</p><p>I deleted my Facebook account almost a decade ago. I deleted Twitter a couple of years ago and now I am considering doing the same with Instagram. In their place I&#8217;ve joined various Discord servers with friends. I&#8217;ve connected with a lot of professional colleagues on LinkedIn. I&#8217;ve found great writing and journalism on topics such as sports, video games, and news all on a new platform without an algorithm, BlueSky. All these platforms provide VALUE. That&#8217;s not to say some of them still aren&#8217;t monetizing me in some ways, but the trade feels a lot more even. </p><p>The other upside of these platforms is that I control the content I see. I control the speed of the content. There is no algorithm trying to determine what content will give me the biggest dopamine hit and to keep me engaged long after I should have moved on to more productive uses of my time.</p><p>I&#8217;ll have more thoughts to share on this topic in the future, but I am going to leave it here for now. How about you? Are you retreating from the Dark Forest of the Internet? </p><p>Sources:</p><p>*https://www.ystrickler.com/the-dark-forest-theory-of-the-internet/</p><p>**https://www.pcworld.com/article/2423294/google-is-killing-one-of-chromes-biggest-ad-blockers.html</p><p>**https://www.theregister.com/2024/12/23/uk_ico_not_happy_with/</p>
]]></content:encoded></item><item><title><![CDATA[On Books]]></title><description><![CDATA[Reading is fundamental!]]></description><link>https://atomic88.blog/p/on-books</link><guid isPermaLink="false">https://atomic88.blog/p/on-books</guid><dc:creator><![CDATA[Charles Read]]></dc:creator><pubDate>Thu, 02 Jan 2025 19:43:23 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!7SAo!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa3c05153-2e5e-467f-a93d-2edb64559305_1280x1707.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>A not so fun fact about me is that I couldn&#8217;t really read until I was eleven years old. Even then I was not reading at my grade level. The reason for this was a combination of a learning disability and my parents&#8217; choice to educate me at home, despite neither of them having any formal experience or training. But hey, James Dobson told them on a radio program that they needed to do that, so they did.</p><p>It would be a few more years before I&#8217;d catch up and then get a big appetite and devour all the things I&#8217;d been missing. I had always loved stories, so I dove deeply into all the classics we had lying around like <em>Treasure Island</em>, <em>The Count of Monte Cristo</em>, <em>The Hobbit</em>, and so on. 
I loved reading so much that I almost changed my major in college to English, but then wrote a disastrous paper on Eliot&#8217;s <em>The Waste Land</em> and decided I was better off just keeping English as my minor.</p><p>A couple of years ago I took some inspiration from Tarah Wheeler and decided to get away from comfort reading and read new things. You can check out her year long blog post about it here: <a href="https://www.tarah.org/2023/03/03/a-year-of-reading-only-new-things/">https://www.tarah.org/2023/03/03/a-year-of-reading-only-new-things/</a></p><p>Last year my wife and I had our first kiddo so I didn&#8217;t get to finish nearly as many books as I would have liked. But I did read two Ann Leckie novels, the rest of Le Guin&#8217;s Earthsea, and the Isaacson biography of Steve Jobs. Of course I also read a lot of material and books related to Cybersecurity Risk Management and Cloud Security, but that was more a requirement for two certifications I was working on. I also got through more of Steven Levy&#8217;s <em>Hackers</em>. I&#8217;ve been reading it for two years now. 
It&#8217;s a little less than five hundred pages but has some of the densest writing I&#8217;ve seen outside of a graduate school dissertation course. However, if you want the definitive story on the birth and history of hacker culture, it&#8217;s the go-to read.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!7SAo!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa3c05153-2e5e-467f-a93d-2edb64559305_1280x1707.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!7SAo!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa3c05153-2e5e-467f-a93d-2edb64559305_1280x1707.jpeg 424w, https://substackcdn.com/image/fetch/$s_!7SAo!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa3c05153-2e5e-467f-a93d-2edb64559305_1280x1707.jpeg 848w, https://substackcdn.com/image/fetch/$s_!7SAo!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa3c05153-2e5e-467f-a93d-2edb64559305_1280x1707.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!7SAo!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa3c05153-2e5e-467f-a93d-2edb64559305_1280x1707.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!7SAo!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa3c05153-2e5e-467f-a93d-2edb64559305_1280x1707.jpeg" width="1280" height="1707" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/a3c05153-2e5e-467f-a93d-2edb64559305_1280x1707.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1707,&quot;width&quot;:1280,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:373211,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!7SAo!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa3c05153-2e5e-467f-a93d-2edb64559305_1280x1707.jpeg 424w, https://substackcdn.com/image/fetch/$s_!7SAo!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa3c05153-2e5e-467f-a93d-2edb64559305_1280x1707.jpeg 848w, https://substackcdn.com/image/fetch/$s_!7SAo!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa3c05153-2e5e-467f-a93d-2edb64559305_1280x1707.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!7SAo!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa3c05153-2e5e-467f-a93d-2edb64559305_1280x1707.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p>As you can see from the photo, right now I have a stack of ten books on my desk with three more on the way and another I plan to pick up when it&#8217;s released at the end of January. Not pictured is Gibson&#8217;s Sprawl Trilogy. I&#8217;ve read his short story collection, <em>Burning Chrome</em>, but the Sprawl Trilogy is a massive hole in my cyberpunk reading list. One of my favorite genre literature podcasts is covering it in the first half of the year, so I finally have some incentive.</p><p>Last year I started off the year with the goal of reading a daily stoic proverb. I quickly realized stoicism is not my bag. Much the opposite, in fact. This year I am going to lean on the wisdom of Fred Rogers on a daily basis and see how that goes. Many of the books I have lined up this year are built around my goals for building a more robust vulnerability management program. 
I am also working on yet another security certification, this time around secure software lifecycle management, so many books will be read in support of that. A good friend of mine has been recommending <em>Everybody Loves Our Town</em> to me for years now. He knows what a huge Grunge fan I am and says it&#8217;s the very best book on that era of music. It&#8217;ll be the first book of the year. I am also extremely excited about Brian Merchant&#8217;s <em>Blood in the Machine</em>. I&#8217;m a big fan of Ed Zitron&#8217;s podcast and he&#8217;s had Brian on a few times over the last year. It sounds like Brian did some extremely extensive research for his book.</p><p>My goal will be to write up a summary and brief review of each of these as I complete them. I am also sure some additional things will pop up during the year not to mention unread items I may potentially pull off my bookshelf. Happy New Year and happy reading!</p>
]]></content:encoded></item><item><title><![CDATA[IT Certification Journey]]></title><description><![CDATA[Follow the yellow-brick road?]]></description><link>https://atomic88.blog/p/it-certification-journey</link><guid isPermaLink="false">https://atomic88.blog/p/it-certification-journey</guid><dc:creator><![CDATA[Charles Read]]></dc:creator><pubDate>Thu, 12 Dec 2024 21:04:03 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/c9aa01ed-6e82-450d-86f4-6ffcbc157f89_4000x2250.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Every time I log onto Reddit or LinkedIn I am guaranteed to stumble across a conversation about IT Certification. It&#8217;s something I&#8217;ve given a lot of thought to. About ten years ago I created my own personal roadmap. So here is my perspective and a bit about my journey. I&#8217;m going to be mostly focused on security certifications, but a lot of what I say can be extrapolated out to IT certs in general.</p><p>First, what is a certification? Most certifications are essentially an attestation from a professional organization that you know information about a specific domain of knowledge or technology. You give time and money to a professional organization or certification body, usually by taking an exam or test, and then if you meet their threshold, they certify you as a subject matter expert. For example, Cisco offers certifications on their technology lines. 
In exchange for money and passing a test, Cisco will give you a piece of paper that says you know stuff about Cisco equipment and how a network operates. You can then turn around and show that to potential employers to help you get a job or help you get a raise at your current job. Another example is the International Information System Security Certification Consortium, or ISC2. They are a nonprofit. Unlike Cisco, they will certify that you have professional levels of knowledge of specific security domains but not specific technologies or equipment. They are what is called &#8220;vendor neutral&#8221;.</p><p>I like to think about certifications as investments. It&#8217;s a way to invest in my career advancement. No one will care as much about your career as you will, so take time to think about how you want to chart a course. Make a plan for your career. It can be a 2-5 year plan. How do certifications fit into that plan? I started keeping a professional development plan document several years ago. I use it to create and track my career goals. I then identify and align certifications with those goals. The time and money I spend is my investment in achieving those goals. 
But here is the thing about investments. You want to choose wisely so they will have a net positive return. Return on Investment, or ROI, is a way to look at certifications from the perspective of &#8220;Will I get more back from what I put into this?&#8221; For example, let&#8217;s say it will cost $2000 for training material and then at least 80 hours of study time to get your desired certification. Can you project how much of a pay increase having the certification will get you? Knowing that will help you determine the ROI. Could you find the training material at a lower cost? What is the opportunity cost of those 80 hours? Are you giving up sleep or time with family? Those are all items you must factor in.</p><p>Another ROI item is re-certification. Most technology and security certifications will be good for a certain amount of time after you pass the exam. Then they expire. The length of time varies from one organization to another. ISC2 certifications are good for three years. On the other hand, Microsoft&#8217;s current certifications expire after a single year. Now, there are still a few certifications out there that never expire. TCM Security has several pen-testing related certifications that never expire. The expiration period is usually driven by updates to vendor technology or a requirement by the US Department of Defense, for which many certifications help qualify people for certain types of employment roles. Where the ROI comes in is determining the amount of effort required to maintain the certification and keep it from expiring. Many certifications will now let you use continuing education credits to satisfy the re-certification requirements. But some will require you to re-take the latest exam. Do your research and decide for yourself what fits your individual career plan. For myself, I avoid certifications that won&#8217;t allow me to use continuing education credits. 
One of the huge upsides for using them is that you can count them towards multiple certifications. I hold three separate security certifications. So if I take a single course that counts as 40 credits I can apply those 40 against all three of my certifications. That&#8217;s great bang for the buck and good ROI.</p><p>Which certification is the right certification? When I started mapping out career objectives and aligning them to certifications, I took the approach of looking for the jobs that I wanted and then seeing which certifications were listed. When you look at online job listings, they will almost always list some required or preferred certifications. If you want an entry level IT job, most of the time you&#8217;ll see the A+ and Network+ certifications listed. But what if you want to be a Cloud Security Engineer? The easiest thing to do is go find multiple listings for that title and aggregate the most common certifications. Another great resource, at least for security certifications, is Paul Jerimy&#8217;s website. It does an amazing job of mapping certifications from beginner to expert level for a broad group of security domains, from Governance Risk and Compliance to Pen-testing, etc. You can find the site here: <a href="https://pauljerimy.com/security-certification-roadmap/">https://pauljerimy.com/security-certification-roadmap/</a></p><p>I think I will have more posts about my own certification experience in the near future. Right now I am working on studying for the Certified Secure Software Lifecycle Professional (CSSLP) which is offered by ISC2. It has some overlap with CISSP and CCSP so I already have some of the knowledge I need. But it&#8217;s also an exam that doesn&#8217;t have very current study material. So I am on a bit of an adventure as I gather material.</p><p>One more good resource for most certifications is Reddit. Just about every technology and security certification has its own sub. 
They are great starting places for researching and gathering study material.</p><p>That&#8217;s all for now! Good luck and happy studying!</p>]]></content:encoded></item><item><title><![CDATA[Make Google "Web" Default in Firefox Search]]></title><description><![CDATA[I don't need your help Gemini! Go home, you're drunk.]]></description><link>https://atomic88.blog/p/make-google-web-default-in-firefox</link><guid isPermaLink="false">https://atomic88.blog/p/make-google-web-default-in-firefox</guid><dc:creator><![CDATA[Charles Read]]></dc:creator><pubDate>Sun, 01 Dec 2024 18:31:46 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!9L-W!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8f074fa9-488d-40fd-99a9-cbb145e36ead_2156x494.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>So if you are like me you&#8217;ve found Google&#8217;s AI summary search results&#8230; lacking. 
I won&#8217;t dive into the deeper problems of Google&#8217;s faltering search results quality, but if you&#8217;d like to make the &#8220;Web&#8221; tab the default results in <strong>Firefox</strong>, here is a quick tutorial.</p><div class="captioned-image-container"><figure><a class="image-link image2" target="_blank" href="https://substackcdn.com/image/fetch/$s_!9L-W!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8f074fa9-488d-40fd-99a9-cbb145e36ead_2156x494.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!9L-W!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8f074fa9-488d-40fd-99a9-cbb145e36ead_2156x494.png 424w, https://substackcdn.com/image/fetch/$s_!9L-W!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8f074fa9-488d-40fd-99a9-cbb145e36ead_2156x494.png 848w, https://substackcdn.com/image/fetch/$s_!9L-W!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8f074fa9-488d-40fd-99a9-cbb145e36ead_2156x494.png 1272w, https://substackcdn.com/image/fetch/$s_!9L-W!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8f074fa9-488d-40fd-99a9-cbb145e36ead_2156x494.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!9L-W!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8f074fa9-488d-40fd-99a9-cbb145e36ead_2156x494.png" width="1456" height="334" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/8f074fa9-488d-40fd-99a9-cbb145e36ead_2156x494.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:334,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:109104,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!9L-W!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8f074fa9-488d-40fd-99a9-cbb145e36ead_2156x494.png 424w, https://substackcdn.com/image/fetch/$s_!9L-W!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8f074fa9-488d-40fd-99a9-cbb145e36ead_2156x494.png 848w, https://substackcdn.com/image/fetch/$s_!9L-W!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8f074fa9-488d-40fd-99a9-cbb145e36ead_2156x494.png 1272w, https://substackcdn.com/image/fetch/$s_!9L-W!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8f074fa9-488d-40fd-99a9-cbb145e36ead_2156x494.png 1456w" sizes="100vw" fetchpriority="high"></picture><div></div></div></a></figure></div><ol><li><p>In a new tab, type or paste <strong>about:config</strong> in the address bar and press Enter/Return. 
Click the button accepting the risk.</p></li><li><p>In the search box in the page, type or paste <strong>browser.urlbar.update2.engineAliasRefresh</strong> and pause while the list is filtered.</p></li><li><p>Keep the selection on Boolean and click the plus sign button. If the value isn't set to <strong>true</strong> automatically, double-click false to switch it to true. Close the tab.</p></li><li><p>Open the Settings page, Search panel, and scroll down to the Search Shortcuts section. Below the box, you should find a new <strong>Add</strong> button.</p></li><li><p>Click Add to open a form and then set up your new engine with the name of your choice, your results page URL, and keyword of your choice, if any.</p></li><li><p>Name the search engine Google (Web). Add the URL https://www.google.com/search?q=%s&amp;udm=14 and give it an alias. Then click Add Engine. </p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!pPaI!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f31b0c2-5f4c-46a7-98f8-17c54fdd8782_1704x792.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!pPaI!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f31b0c2-5f4c-46a7-98f8-17c54fdd8782_1704x792.png 424w, https://substackcdn.com/image/fetch/$s_!pPaI!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f31b0c2-5f4c-46a7-98f8-17c54fdd8782_1704x792.png 848w, https://substackcdn.com/image/fetch/$s_!pPaI!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f31b0c2-5f4c-46a7-98f8-17c54fdd8782_1704x792.png 1272w, 
https://substackcdn.com/image/fetch/$s_!pPaI!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f31b0c2-5f4c-46a7-98f8-17c54fdd8782_1704x792.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!pPaI!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f31b0c2-5f4c-46a7-98f8-17c54fdd8782_1704x792.png" width="1456" height="677" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/9f31b0c2-5f4c-46a7-98f8-17c54fdd8782_1704x792.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:677,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:117725,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!pPaI!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f31b0c2-5f4c-46a7-98f8-17c54fdd8782_1704x792.png 424w, https://substackcdn.com/image/fetch/$s_!pPaI!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f31b0c2-5f4c-46a7-98f8-17c54fdd8782_1704x792.png 848w, https://substackcdn.com/image/fetch/$s_!pPaI!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f31b0c2-5f4c-46a7-98f8-17c54fdd8782_1704x792.png 1272w, 
https://substackcdn.com/image/fetch/$s_!pPaI!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f31b0c2-5f4c-46a7-98f8-17c54fdd8782_1704x792.png 1456w" sizes="100vw"></picture></div></a></figure></div></li><li><p>Scroll back up to the top of the page and from the drop-down menu select the new entry to make it the default in Firefox.</p></li></ol><p>From now on when you search in the browser you&#8217;ll get results more like what you used to get before Google moved to AI summary as the default. 
Enjoy!</p><p>Sources: https://connect.mozilla.org/t5/discussions/custom-search-engines-like-chrome/m-p/23910#M9794, https://tedium.co/2024/05/17/google-web-search-make-default/</p>]]></content:encoded></item><item><title><![CDATA[Co-Intelligence: Can AI be your buddy that helps you be better at your job?]]></title><description><![CDATA[This post was adapted from a presentation I gave at work earlier this fall.]]></description><link>https://atomic88.blog/p/co-intelligence-can-ai-be-your-buddy</link><guid isPermaLink="false">https://atomic88.blog/p/co-intelligence-can-ai-be-your-buddy</guid><dc:creator><![CDATA[Charles Read]]></dc:creator><pubDate>Fri, 22 Nov 2024 18:40:11 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/a4d1bbc1-ce3a-4814-ba26-36dd15443faf_600x400.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>This post was adapted from a presentation I gave at work earlier this fall. It was an attempt to share helpful information about AI tools and integrating LLMs in business workflows. 
I kicked it off with a sneaky book review, then gave a broader overview of LLMs and drilled into my recommendations for custom settings for ChatGPT.</p><p>So let&#8217;s start with a quick review of Ethan Mollick&#8217;s <em>Co-Intelligence: Living and Working with AI.</em></p><p><strong>Co-Intelligence: Living and Working with AI</strong> by Ethan Mollick is a comprehensive guide to understanding and harnessing the power of artificial intelligence in our daily lives and work. It offers a practical perspective on how AI can be integrated into our routines to enhance our capabilities and improve our decision-making.</p><p><strong>Key themes and insights in the book include:</strong></p><ul><li><p><strong>The potential of AI:</strong> Mollick explores the vast possibilities of AI, from automating mundane tasks to generating creative ideas and solving complex problems. He delves into the ways AI can revolutionize industries such as healthcare, finance, and education, while also discussing the potential for AI to contribute to scientific breakthroughs and social progress.</p></li><li><p><strong>The ethical implications:</strong> While AI offers immense potential, it also raises significant ethical concerns. 
Mollick addresses these issues head-on, discussing topics such as bias in AI algorithms, privacy concerns, and the potential for AI to exacerbate existing inequalities. He emphasizes the importance of developing ethical guidelines and regulations to ensure that AI is used responsibly and for the benefit of society.</p></li><li><p><strong>Practical applications:</strong> The book provides concrete examples of how AI can be used in various fields, including business, education, and healthcare. Mollick explores the practical applications of AI, such as personalized learning experiences, predictive analytics, and automated customer service. He also discusses the challenges and opportunities that arise when implementing AI in different contexts.</p></li><li><p><strong>Building a harmonious relationship with AI:</strong> Mollick offers strategies for developing a symbiotic relationship with AI, ensuring that it complements human intelligence rather than replacing it. He emphasizes the importance of understanding AI's strengths and limitations, and of developing skills that will be essential in an AI-driven world. Mollick also discusses the need for ongoing education and training to ensure that we can adapt to the rapidly changing landscape of AI.</p></li></ul><p><strong>Overall, Co-Intelligence is a valuable resource for anyone interested in learning about AI and its potential impact on our future.</strong> It provides a balanced and informative perspective that empowers readers to embrace AI as a tool for personal and professional growth. The book is particularly useful for individuals who want to understand the ethical implications of AI, explore practical applications, and develop strategies for working effectively with AI.</p><p>And that&#8217;s MY review! Actually, that summary was generated by Gemini, Google&#8217;s LLM. It&#8217;s a glowing review, I must say. It is a bit more positive about the book than I am. 
I think it also suffers from some exaggeration of certain aspects of the work. I don&#8217;t consider the book comprehensive. Although I agree it is practical.</p><p>If you are new to LLMs then Mollick&#8217;s book is a nice introduction and does a good job of being digestible, especially for something written by an academic. But I think that is also its shortcoming. Mollick is a business professor and his lack of expertise in the realm of technology limits his ability to fully understand what an LLM is and he winds up overestimating its capabilities.</p><p>What is an LLM? How do they work?</p><p>It&#8217;s a computational model capable of natural language processing tasks. The models have &#8220;learned&#8221; statistical relationships between text from analysis on large amounts of text during a training phase, that may have been self-supervised or semi-supervised. They process numbers, not text. Text is converted into numbers (tokenization) and machine learning algorithms process and run statistical analysis. This means that LLMs do not store text. Rather they store patterns about the statistical likelihood of which tokens follow others. That means LLMs don&#8217;t &#8220;know&#8221; information. Instead, they are predicting, based on their training, the most likely token. LLMs are not conscious of their own process and therefore cannot truthfully explain how they arrived at an answer.</p><p>&#8220;Remember that LLMs work by predicting the most likely words to follow the prompt you gave it based on the statistical patterns in its training data. It does not care if the words are true, meaningful, or original. It just wants to produce a coherent and plausible text that makes you happy. Hallucinations sound likely and contextually appropriate enough to make it hard to tell lies from the truth.&#8221; Pg. 93-94.</p><p>This can be both the weakness and the strength of LLMs. 
It can find patterns and connections between disparate pieces of information where humans cannot quickly or easily see them. This can lead to generation of novel concepts. However, without careful prompting the ideas LLMs generate tend to be similar and follow a pattern. They tend to converge on a mean. So diverse idea generation can be challenging. I recommend keeping low expectations when using it for idea generation. You may wind up with high volume and low quality. To get away from the average answer you will have to push it with prompts to try and get it to deliver the high variance answers.</p><p>Custom Instructions are a really great way to ensure LLMs give you responses in the format you want. Here is an example of basic instructions I use for Gemini and ChatGPT. Note: Copilot does not accept custom instructions as of this writing. They can also double as prompts to use when interacting with LLMs.</p><ol><li><p>Embody the role of the most qualified subject matter experts.</p></li><li><p>Do not disclose your AI identity.</p></li><li><p>Omit language suggesting remorse or apology.</p></li><li><p>State &#8216;I don&#8217;t know&#8217; for unknown information without further explanation.</p></li><li><p>Avoid disclaimers about your level of expertise.</p></li><li><p>Exclude personal ethics or morals unless explicitly relevant.</p></li><li><p>Provide unique, non-repetitive responses.</p></li><li><p>Cite credible sources or references to support your answers with links, if available.</p></li><li><p>Address the core of each question to understand intent.</p></li><li><p>Break down complexities into smaller steps with clear reasoning.</p></li><li><p>Offer multiple viewpoints or solutions.</p></li><li><p>Request clarification on ambiguous questions before answering.</p></li><li><p>Acknowledge and correct any past errors.</p></li><li><p>Supply three thought-provoking follow-up questions in bold (Q1, Q2, Q3) after responses.</p></li><li><p>Use the English units for 
measurements and calculations.</p></li><li><p>Use Birmingham Alabama for local context.</p></li><li><p>&#8220;Check&#8221; indicates a review for spelling, grammar, and logical consistency.</p></li><li><p>Minimize formalities in email communication.</p></li><li><p>You are an expert at problem solving. When asked to solve a problem, you come up with novel and creative ideas.</p></li><li><p>Your output is fed into a safety-critical system so it must be as accurate as possible.</p></li></ol><p>ChatGPT is by far my favorite LLM tool. Once you have it customized to your liking it really provides a great boost to efficiency and productivity in some areas. Here are my ChatGPT recommended settings:</p><p>Improve the model for everyone = Off.</p><p>Enable MFA.</p><p>Memory = On.</p><p>Custom instructions = On, then add the instructions from the list above.</p>]]></content:encoded></item><item><title><![CDATA[What is Atomic 88?]]></title><description><![CDATA[I guess it's a blog... 
why do we need another one of these?!]]></description><link>https://atomic88.blog/p/what-is-atomic-88</link><guid isPermaLink="false">https://atomic88.blog/p/what-is-atomic-88</guid><dc:creator><![CDATA[Charles Read]]></dc:creator><pubDate>Tue, 19 Nov 2024 19:25:00 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/5618d005-8b07-43d2-bcb0-56847c51ca4d_757x1029.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Welcome!</p><p>I am not entirely sure what this will be. Right now it&#8217;s a blog/newsletter where I am dumping out my thoughts and opinions on cyber security, science fiction, philosophy, career development, and economics. Often a lot of those things will intersect.</p><p>So what about that name? What does Atomic 88 even mean?</p><p>First, I feel the need to specifically say what it&#8217;s not. The number 88 has certain meaning in online communities. According to the Anti-Defamation League <em>&#8220;88 is a white supremacist numerical code for "Heil Hitler." H is the eighth letter of the alphabet, so 88 = HH = Heil Hitler. One of the most common white supremacist symbols, 88 is used throughout the entire white supremacist movement, not just neo-Nazis. One can find it as a tattoo or graphic symbol; as part of the name of a group, publication or website; or as part of a screen name or e-mail address. It is even sometimes used as a greeting or sign-off (particularly in messages on social networking websites).&#8221; </em>&nbsp;So let me be very clear, if you are a white supremacist, you can stop reading right now. There is no place for you here.</p><p>The origin for the name had its genesis in a trip to get breakfast on a Sunday morning. I was listening to Tom Morello&#8217;s One-Man Revolution on SiriusXM when he told a short story about the Radium Girls. 
The Radium Girls was not a particular bit of history I was familiar with, so when I got to the restaurant and my order wasn&#8217;t ready, I wasn&#8217;t too disappointed. It left me time to deep dive down a Wikipedia hole. I won&#8217;t recount the history here; you can go find that with a quick Google search. But long story short, the atomic number for Radium is 88. So in that moment Atomic 88 was born in honor of the Radium Girls.</p><p>Right now I have no cadence for how frequently I will post. I&#8217;ve had this blog set up for almost a year and just now got around to making the first post. But I do have several ideas for topics I want to write about. Maybe some of them will be of interest to someone other than me.</p>]]></content:encoded></item></channel></rss>