Unsupervised Learning: No. 173

Unsupervised Learning is my weekly show that provides collection, summarization, and analysis in the realms of Security, Technology, and Humans.

I spend between five and twenty hours a week consuming articles, books, and podcasts—so you don’t have to—and each episode is either a curated summary of what I’ve found in the past week, or a standalone essay that hopefully gives you something to think about.

⚠️ Security News

Amazon has many thousands of people doing quality control on Alexa, meaning that they’re listening to incoming audio captured on Echo devices. This shouldn’t be surprising. The question is how they’re doing it, and what policies they have around privacy when doing so. I don’t personally see a major problem here. But at the same time I’d never put a Facebook device in my home. To me it’s more about the company and its incentives than anything else. Link

A number of FBI-affiliated websites were hacked, and information on thousands of federal agents and law enforcement officers is now being sold online. Link

Chinese schools are using facial recognition on students, and using ML to determine whether or not they’re currently paying attention, distracted, etc. Link

Sift is a service that builds a risk profile on you so merchants can determine whether you’re a benign actor or someone about to commit fraud. I think people need to accept that continuous risk scoring for people and situations is both inevitable and actually already happening. The moment you try to block bad actors by looking at their behavior, you quickly end up with a score that determines action based on various thresholds. And the moment you do it for bad actors, you’re kind of implicitly doing it for good actors as well. There are better and worse ways to approach this, but profile scoring is not something we’re going to be able to avoid going forward. Let’s accept this reality and start having the conversations about how to make (and keep) this functionality as benign as possible. Link

A Dutch F-16 was damaged by rounds from its own 20MM cannon. So it fired bullets, and then flew into them. Life is awesome. Link

Advisories: SAP Crystal Reports, Adobe, Juniper Switches.

⚙️ Technology News

The biggest news from Google’s cloud conference last week was the launch of Google Anthos, which unifies your on-prem and cloud container management into a single platform. Link

Disney is launching Disney+ in November, which will cost $6.99/month. At the time of writing, the stock is up 11% on the news. Link

Walmart is adding around 4,000 new robots to stores across the US. They are meant to do “repeatable, predictable” tasks, including: shelf scanners, floor cleaners, picking things up, unloading things, and sorting things. Link

You can now edit Microsoft Office files using Google Apps, e.g., docs, sheets, and slides. Link

🧑‍🤝‍🧑 Human News

Peter Temin, an economist at MIT, says the US has slipped into developing nation status because 80% of the population is burdened with debt and anxious about job security. Link

Gum bacteria is being called out repeatedly for potentially causing Alzheimer’s and other diseases. Link

Bank of America is raising its minimum wage for employees to $20/hour. Link

What qualifies as middle income in each state. Link

Abusability Testing — My favorite talk at ENIGMA 2019. It’s about how we have to think about how large-scale systems can be abused, not just about technical vulnerabilities within those systems. So, more like Adversarial Economics than Penetration Testing. Link

Pitching your product will kill fundraising, because they need to know WHY you exist more than anything. Link

The future of news is conversation with small groups that have trusted voices. Link

🔍 Discovery

The world’s 7.5 billion people in one chart. Link

A maturity model for use of the MITRE ATT&CK Framework. Link

Two new fonts! Public SANS, Helvetica NOW. Link

Unclassified U-2 spy plane photographs are revealing some extraordinary archaeological findings. Link

Bloodhound password analysis. Link

Provable Security at AWS — One of my two favorite talks at ENIGMA this year. Link

📝 Notes

It’s crazy that I’ve been doing this show for 4 years now, and podcasting is now entering the mainstream. I love how much content is out there now. I continue to tweak the pitch for this show in the podcast description, to differentiate it from the other stuff out there. Risky Business is the best security news show, I think. I like my mix of stories better, but I like that Patrick has the format to go a bit deeper on each one. And Darknet Diaries is a must for anyone who likes story-based podcasts—like Serial was. This show is quite different, as it’s a curation lens to what’s happening in the world of security, technology, and people. It’s a way to pass on what I find and learn from all the reading I do. I think that harvesting feature is key, and I want to find a way to make it more obvious. If you have any ideas I’d love to hear them. Thoughts?

I’ve changed the subscription option here to just be the $50/year option, since that seems to be the most popular one anyway, and I think it’s cleaner to offer the best plan instead of outsourcing the choice. You can sign up here.

I’m also considering doing a member version of the free newsletter—which would not have any call to subscribe at the bottom. Not sure if that would matter, but I think it’d be a nice minor perk for membership. Thoughts?

These are the books that I’ve just finished or am about to start (within the last month or two): WhiteShift, The Vanishing Middle Class, Loonshots, From Cold War to Hot Peace, Discrimination and Disparities, The Tyranny of Metrics, The Demon-Haunted World, Bowling Alone, The Right Side of History, The Age of Surveillance. I’ve been reading like crazy, and the book that’s had the most impact has been Bowling Alone, which, combined with reading two conservative books (Sowell and Shapiro), has got me thinking a lot about the lack of meaning in people’s lives. I have much to say about this, and even a forming plan for addressing it. Ping me if you want to exchange ideas about it.

I’m considering trying to get each section down to around 5 items (except security, which sometimes goes longer). The idea is to curate even more, and reduce the load on you. What are your thoughts? Would that be helpful?

📚 Recommendations

Loonshots: How to Nurture the Crazy Ideas that Win Wars, Cure Diseases, and Transform Industries Link

💬 Aphorism

“The more we do, the more we can do”.
~ William Hazlitt