Unsupervised Learning: No. 102

This is episode No. 102 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 30 minute summary. The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well…

This week’s topics: Github security, China IW, Brexit IW, S3 again, Quad9 DNS security, tech news, human news, ideas, discovery, recommendations, aphorism, and more…


Read below for this episode’s show notes & newsletter, and get previous editions

Security news

GitHub is now incorporating two separate security services into its offering directly: 1) it will tell you what dependencies you have in your code (JavaScript and Ruby), and 2) it will tell you if you have vulnerabilities in those dependencies. Fantastic stuff, although I can hear the collective groans of so many companies whose entire purpose was doing these things.

Researchers at the University of Edinburgh identified 419 Russian accounts attempting to influence the Brexit outcome. This shows that Russian information warfare efforts are not a Trump thing, or a U.S. thing: they're a concerted effort to affect outcomes in a way that benefits Russia. And they're using information warfare through social media as the weapon. Well, put that way it seems downright expected.

A paper out of Harvard describes how China has an army of people injecting fake comments into its social media networks for the purpose of cheerleading for the government and its policies. It claims this 5c party is responsible for around 448 million social media comments a year.

A military contractor has left a ton of data on an unsecured S3 bucket about what looks to be a military-sponsored intelligence campaign. It's astounding to me how much this keeps happening and how easy it is to avoid.

Quad9 is a free new DNS security service from IBM that lives at IP 9.9.9.9 (it's four 9's). They're presumably doing a bunch of domain filtering, similar to other services like Cisco's Umbrella (which used to be OpenDNS) and Akamai. They're evidently filtering using around 15 different feeds. Cool idea. I like how simple it is; hopefully that'll get a decent number of non-experts using it.

It looks like Microsoft might have patched a bug in its old Equation Editor utility by modifying the executable directly instead of updating the source and recompiling.

Patching: PeopleSoft, Microsoft's November 2017 Security Updates

Technology news

Tesla showed off its Semi truck, which will have a range of 500 miles and haul a maximum load of 80,000 pounds. Musk said they're working on a charging solution that will give 400 miles in 30 minutes, all using solar power.

The Brookings Institute says digitalization is coming for pretty much every industry, and the more tech you know the more stable your job will be and the more you'll make. Mean wages for highly digital jobs were around $73K, compared with $48K for medium digital jobs and $30K for low digital jobs.

The reviews are coming in for Google's Pixel Buds. They appear to say exactly what I would expect them to, which is that they sound like a great idea, but weren't executed very well. This is what I expect from any Google product with a UI/UX. Look at their administrator consoles. Look at their numerous attempts to launch a social network. Look at their numerous renamings of their conference call tool. They keep renaming things, relaunching, and failing. They seem completely tone deaf to how people actually use things. Utter geniuses on the backend, and completely lost when it comes to interface.

Apple Watch can be used to detect arrhythmia, hypertension, and sleep apnea.

China has completely passed the U.S. in the number of the world's most powerful computers. They now have 202 while the U.S. has 143.

Human news

Another major study has indicated that coffee consumption is good for you. As little as one cup a week may lower your chances of stroke or heart failure. And the benefits go up when you drink more. Adding up the numbers I think this means I'm immune to those things.

The FDA has approved a new digital pill that can track whether or not you've taken your medicine, and then sends that data to your doctor and up to three other people.

Two scientists are predicting more extreme earthquakes in 2018 due to a correlation with a cycle of slowing earth rotation.

Britain recorded 2,255 modern slavery offenses in England and Wales last year, an increase of 159% over last year.

We sent a signal to a star system 12 light years away from us. Which means they'll get it 12 years from now. The system has two planets—one of which might be able to support life. I used to be all about these kinds of broadcasts, but after reading The Three Body Problem I now think (along with Hawking) that we should probably be quiet.

Blood tests may soon be able to tell you about your cognitive health, including your risk for Alzheimer's.

It appears many opiate users are dying because they're using (and combining) their drugs unsafely, e.g., mixing them with alcohol, taking fentanyl when they think it's heroin, etc.

Ideas

I think I may have found a link between opiate and smartphone addiction: the lack of a strong meaning loop.

Startups are incubation laboratories for features that—if popular—will inevitably end up in the platforms and operating systems themselves.

I've started a new series for members called Algorithmic Learning, where I define a practical methodology for doing a specific task. The first edition is on Leadership, and it describes my personal approach to leadership, a system for building a new team, and ways of handling various leadership situations. Really looking forward to feedback and ideas on how to improve it. (Member Content)

Discovery

You can edit your /etc/pam.d/sudo file in macOS to allow you to sudo using your fingerprint on a new MacBook Pro.

Digital Ocean has put out a nice Introduction to Machine Learning.

AWS has released some new AMIs for learning Deep Learning.

How Facebook figures out everyone you've ever met.

Cracking MMORPGs

Chaining web vulnerabilities to get RCE

Notes

I finished BoBos in Paradise, by David Brooks, and started and finished Leadership Step by Step, by Joshua Spodek. Both were fantastic. I started Losing Ground, by Charles Murray, but I think I already know and accept the conclusion, so I put that one down. Also reading Player Piano, by Vonnegut, which I tried to get through before but stumbled in the beginning.

I had LASIK at UC Berkeley. I'm a few days into recovery and my near vision is unbelievable. My distance vision is still a bit suspect, but it's improving every day. I had a 70 second laser burn because I was farsighted. I have some star bursting, which is a symptom of the swelling, but I'm hopeful it'll completely disappear within a month or so. Overall, couldn't be happier.

Recommendations

A number of groups have released basic security guides. Here's Motherboard's Guide to Not Getting Hacked, the EFF on Surveillance Self-defense, and @InfoSecTaylorSwift's Decent Security. These are good for getting less savvy loved ones up to speed on the basics.

Subscribe to my site's RSS feed. The feed has full text so you don't have to click through to read, but I recommend that you do. It looks better due to the time I've spent on typography and design, and you can comment on the site as well.

When at a conference, encourage people to stand in the Pac Man formation, which allows space for one more person to join your group.

Aphorism

“We are what we repeatedly do.”
