Unsupervised Learning NO. 395

How I Make Money as an Independent, Tesla's Insider Data Breach, Bots Beating CAPTCHAs, and Escaping the Maze…

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.

Hey there!

Happy Monday to you. I managed to avoid Covid, so being one of like 9 people in Vegas I saw wearing a mask was worth it (although avoiding parties might have done it too). Still got a little sick though, but just minor ConFlu type symptoms.

Extremely happy with this week’s newsletter. Lot of small tweaks that I hope you love.

Have a great week!

In this episode:

🎙️ "What I’m Doing And How It’s Going"
🔐 Tesla's Data Breach: An Inside Job
🔍 Examples Matter: Canary's Domain Name Issue
🚨 NetScaler Instances Hacked: CVE-2023-3519 Exploited
🤖 Bots Outperform Humans at Solving CAPTCHAs
🔒 Infrastructure Security Boost: Israel-US Collaboration
🔎 Microsoft Breach Investigation by DHS's CSRB
🇨🇳 China's Cyber Threat to US Infrastructure
🇯🇵 China's Damaging Cyber Attack on Japan
🕵️‍♂️ Hacker Accounts Exposed: Cybercrime Forum Logins Stolen
🔭 Tool & Article Discovery
➡️ The Recommendation of the Week
🗣️ The Aphorism of the Week

MY WORK

A couple of major essays this week. Some of my best work ever I think. Don’t miss these two.

What I’m Doing And How It’s Going — The various flows that let me work for myself

What I’m Doing and How It’s Going — A fairly comprehensive look at how I quit my corporate job and moved to becoming independent. Includes not only the actual streams (and amounts) I use to make money, but also why I think it’s so important for people to start thinking about this as an option. READ IT

ATHI — An AI Threat Modeling Framework for Policymakers — A new framework for thinking about harms and impacts that can come from AI systems. Designed for policymakers, lawmakers, and the general public. Includes a Github Repo for contributions. READ IT

🎙️ Subscribe to the Podcast
If you’re not getting the podcast yet, please subscribe. Sorry about the throat-clearing last week! ADD UL TO YOUR CLIENT

📡 Connect via RSS
RSS is not dead. You can follow all UL content via the following RSS feed. ADD TO YOUR RSS READER

SECURITY NEWS

Tesla's Data Breach 
Tesla's been hit with a data breach, and it's reportedly an inside job. Two former employees leaked personal information of over 75,000 individuals, including Elon Musk's Social Security number, to a foreign media outlet. TECHCRUNCH

Examples Matter
Thinkst Canary discovered that about 40% of their customers were using the example domain name provided in their UI, potentially making their Canarytokens less effective. The company has now decided to show multiple examples that cycle each time the configuration page is opened, hoping to encourage more diversity in domain name choices. THINKST

NetScaler Instances Hacked 
Nearly 2,000 Citrix NetScaler instances have been compromised by exploiting a recently disclosed critical security vulnerability, CVE-2023-3519. Despite most administrators patching their NetScalers, a follow-up analysis revealed that 1,828 servers remain backdoored, with 1,248 already patched against the flaw. THEHACKERNEWS

Sponsor

Rampant Cloud Activity

Cloud risk can grow faster than your AWS bill (true story).  

That’s why Wiz partnered with Wiley to create the AWS Security for Dummies eBook. This free pdf contains 46 pages of expert tips to harden your AWS environment, including:

  • How to get the basics right to help scale security when your footprint (inevitably) grows

  • How to secure specific resources based on your usage (VMs, S3, Cloudtrails, and more)

  • Which critical weaknesses to prioritize so you aren’t caught off guard

All of these techniques can be found here -- grab your free digital copy now and boost your AWS security posture.

CAPTCHA Conundrum
Bots are now outperforming humans at solving CAPTCHAs, those annoying tests to prove you're not a robot. A study involving 1,400 participants solving 14,000 CAPTCHAs revealed significant differences in solving time and user perception. SCHNEIER

Infrastructure Security Boost 
Israel and the US are pooling $3.85 million to beef up their critical infrastructure security. The funds, part of the BIRD Cyber Program, will support four projects targeting maritime sectors, airport and air traffic, and industrial control systems. SECURITYWEEK

Microsoft Breach Investigation 
The Department of Homeland Security's Cyber Safety Review Board (CSRB) is set to review the July breach of Microsoft Exchange Online by suspected Chinese hackers. This comes after Senator Ron Wyden blamed Microsoft for its failure to protect cloud accounts belonging to US government officials and called for an investigation. THEREGISTER

China's Cyber Threat 
China might target US critical infrastructure, like railroads and pipelines, with disruptive attacks if it invades Taiwan and the US intervenes, warns CISA director Jen Easterly. This follows a shift in Chinese cyber activities from surveillance and data theft to disruption, particularly on US military bases in Guam. THERECORD

China's Japanese Intrusion 
China managed to hack into Japan's defense networks, and it's one of the most damaging cyber attacks in Japan's history. The NSA discovered this breach in 2020 and alerted the Japanese officials, who were left deeply concerned. SCHNEIER

Hacker Accounts Exposed 
Researchers at Hudson Rock found that over 100,000 hackers had their cybercrime forum logins stolen due to info-stealing malware. Interestingly, the passwords used for these forums were generally stronger than those for government websites. BLEEPINGCOMPUTER

Sponsor

World-Class Email Protection - Simplified

More than 90% of cyberattacks start with email and attacks are growing in volume and sophistication. From phishing and ransomware to credential theft and zero-day attacks, organizations of all shapes and sizes face a new world of risk. Get the most advanced email protection in the industry, delivered in the simplest way possible.

LinkedIn Accounts Hijacked 
LinkedIn is facing a wave of account hacks, with many users locked out or their accounts hijacked. Google Trends data shows a 5,000% increase in search terms related to LinkedIn account hacks or recovery over the past few months. BLEEPINGCOMPUTER

Discord.io Data Breach 
Discord.io, a third-party service for custom Discord invites, has confirmed a data breach affecting 760,000 users. The exposed data includes usernames, email addresses, and in some cases, hashed passwords and billing addresses. BLEEPINGCOMPUTER

Security Benchmarks Showdown 
Reddit user HotCakeXXXXXXXXXXXXX has shared a comparison of popular security benchmarks, highlighting the potential dangers associated with each. The post provides a detailed analysis of each benchmark's strengths and weaknesses. REDDIT

Vulnerabilities:

  • Juniper's Security Advisory
    Juniper has released a security advisory to address multiple vulnerabilities in Junos OS. These vulnerabilities could be exploited by a remote cyber threat actor to cause a denial-of-service condition. | Critical | CISA

  • Ivanti Avalanche Vulnerabilities 
    Ivanti Avalanche, a mobile device management solution used by 30,000 organizations, has been hit with multiple critical security flaws. The vulnerabilities, tracked as CVE-2023-32560 with a CVSS score of 9.8, could allow a remote attacker to achieve code execution or cause a system crash. THEHACKERNEWS

TECHNOLOGY NEWS

NYC Bans TikTok 
New York City is giving TikTok the boot from all government-owned devices, citing data protection and security risks. This move follows similar bans by multiple U.S. government bodies due to concerns over the app's Chinese ownership. THEHILL

Google's Incarceration Policy 
If you're locked up for more than two years, you'll come back to find your Google account gone, along with your connections to family, jobs, and memories. I don’t see how Google won’t fix this soon. TWITTER

Cruise Collision 
Cruise, the self-driving car company, had a bit of a mishap when one of its driverless taxis collided with a fire truck in San Francisco. This happened just a week after state officials gave the green light for the service to expand. And now they’ve been ordered to reduce their fleet by 50%. NYTIMES

NYT's AI Stance 
The New York Times has updated its Terms of Service to prevent its content from being used to train AI models, including the use of automated tools like website crawlers. THEVERGE

Tech Job Rebound 
The tech job recession is officially over, according to Bernstein Research analysts, with layoffs slowing down significantly. In the first half of 2023, tech companies laid off more than 300,000 employees, but now many are even starting to rehire. BUSINESSINSIDER

Tech Job Resilience 
Despite mega layoffs earlier this year, tech jobs, particularly IT, engineering and developer roles, remain in demand and less affected than expected. TECHCRUNCH

OpenAI's Financial Struggles 
OpenAI, the AI studio that brought AI to the masses, is burning through cash at an alarming rate, with their AI chatbot ChatGPT costing about $700,000 daily to run. A lot of people are talking about bankruptcy here, but I just don’t see it. They have too many levers they can pull to add additional revenue. FIRSTPOST | BUSINESS-STANDARD

ProjectDiscovery's Funding Boost 
Cloud security startup ProjectDiscovery just scored a cool $25 million in early-stage financing, showing that investors are still betting big on attack surface management. The company's tech helps organizations manage digital assets in the cloud, find and fix vulnerabilities at scale, and address cloud security misconfigurations. This is one of the companies I advise. Absolutely love their tech, and their team. SECURITYWEEK

Trust Shift 
A Reddit user sparked a discussion about trusting Microsoft more than Google. The thread reflects a growing sentiment among tech enthusiasts, including myself. Crazy how fast that changed. REDDIT

SecureWorks Staff Reduction 
SecureWorks is cutting about 15% of its workforce, marking the second round of layoffs this year. The company, which focuses on threat detection and response, plans to rebalance investments and optimize its organizational structure to better position for growth. SECURITYWEEK

MacWhisper Update 
MacWhisper, the app that uses OpenAI's Whisper technology to transcribe audio files into text, has received a significant performance boost. The update, developed by Jordi Bruin, focuses on improving performance when transcribing large files. I just got this. Fantastic. 9TO5MAC

AI Burnout 
A user on Hacker News shares their experience of burnout due to the constant availability and productivity of ChatGPT. Despite the AI's efficiency, the user struggles with work-life boundaries, increased review load, and the overwhelming influx of information. HACKERNEWS

AirTag Child Tracking 
Parents across America are using Apple's AirTags to keep tabs on their adventurous toddlers. According to The Washington Post's Heather Kelly, parents see these devices as a means to provide freedom, not restrictions, to their children. MALWAREBYTES

Zoom's Policy Update 
Zoom is updating its terms of service to make it clear that it won't use customer data to train its own or third-party AI systems. I’m getting increasingly unhappy with this company. I am waiting for a leading alternative that is as ubiquitous. Not Google Meet. AXIOS

Musk's Unhinged Antics 
Elon Musk's recent behavior, including threats to visit Mark Zuckerberg at his home and broadcast it to the world, has raised concerns about his mental stability. THEVERGE

Performative Work Culture 
Asian employees are spending more time on "performative work", basically just looking busy rather than doing productive work. A global survey by Slack and Qualtrics found that employees from India (43%), Japan (37%), and Singapore (36%) reported spending more of their time on such work than the global average (32%). CNBC

AI Moderation 
OpenAI is trying out a new way to use GPT-4, their AI model, for content moderation, aiming to lighten the load on human teams. The technique involves prompting GPT-4 with a policy to guide its moderation decisions, with policy experts refining the policy based on how well GPT-4's labels align with their own. TECHCRUNCH

OpenAI's New Acquisition
OpenAI has scooped up the team at Global Illumination, a company known for leveraging AI to create innovative tools and digital experiences. The team, with its impressive background from Instagram, Facebook, YouTube, Google, Pixar, and Riot Games, will now work on OpenAI's core products including ChatGPT. I seriously can’t wait to see the results of this purchase. Imagine all these tools with super nice UIs. OPENAI | TECHCRUNCH

Tesla's Siri Integration 
Tesla has rolled out an update for its iOS mobile app that integrates Apple Shortcuts, allowing users to automate and use Siri for vehicle controls. The update enables Tesla owners to ask Siri to perform tasks related to their vehicles or use Shortcuts widgets to activate tasks. Super excited for this! ELECTREK

McKinsey's AI Tool 
McKinsey has launched its own generative AI tool, Lilli, designed to provide information, insights, and recommendations to its employees. The tool, which has been in beta since June 2023, has already been used by around 7,000 employees and has significantly reduced research and planning time. VENTUREBEAT

Open Dataset for AI 
The Allen Institute for AI (AI2) is shaking things up by releasing Dolma, a massive open dataset for training language models like GPT-4 and Claude. Unlike the proprietary datasets used by companies like OpenAI and Meta, Dolma is free to use, open to inspection, and designed to be the foundation for AI2's upcoming open language model, OLMo. TECHCRUNCH

HUMAN NEWS

Texas Power Surge 
Texas is experiencing a massive 6,000% increase in power prices as a new heat wave threatens to break temperature records. Spot electricity prices jumped to $4,750 per megawatt-hour from the usual $75, nearing the $5,000 cap and marking the highest in over five weeks. DESMONADESPAIR

Argentina's Currency Shift 
Argentina has decided to ditch its own currency, the peso, and adopt the US dollar instead. This major economic shift comes as a result of a vote by the Argentinian people. NYTIMES

Anxious Brain Behavior 
Anxiety can cause our brains to redirect how we regulate our emotions. This finding was based on a study published in Nature, which explored the neural mechanisms behind anxiety. NATURE

Asian Alliance 
The US, Japan, and South Korea are taking a step towards a three-way military and economic partnership, with a meeting at Camp David. This move, sparked by the growing threats in Asia and Russia's invasion of Ukraine, aims to maintain peace and stability in a region dominated by China. OODALOOP

Stem Cell Eye Treatment 
A team from Mass Eye and Ear has reported positive results from a phase I trial of a stem cell treatment for significant chemical burns in the eye. The treatment, called cultivated autologous limbal epithelial cell transplantation (CALEC), uses stem cells from a patient's healthy eye to repair the damaged cornea, with patients reporting significant improvements in vision. MEDICALXPRESS

Grindr's Office Ultimatum 
Grindr, the popular LGBTQ+ dating app, is giving its employees a tough choice: move within 50 miles of one of their offices in Chicago, Los Angeles, or the San Francisco Bay Area, or lose their jobs. BUSINESSINSIDER

Homelessness Surge 
More and more Americans are finding themselves homeless, and it's happening at a record rate. High housing costs and evictions are the main culprits, according to advocates. WSJ

Dementia and Pollution 
Air pollution might be a bigger culprit than we thought, as it's now linked to an increased risk of dementia. A recent study suggests that thousands of dementia cases each year could be due to air pollution. FORBES

Walking for Health 
Even a modest goal of 4,000 steps a day can significantly improve your health. The more you walk, the better off you'll be, with benefits including improved heart health and longevity. NYTIMES

San Francisco's Payroll 
San Francisco's top-paid employee is raking in a whopping $640K. This is part of a comprehensive report that details the salaries of every city worker. SFCHRONICLE

China's Disillusioned Youth
Young Chinese are increasingly disillusioned, facing high unemployment rates, skyrocketing property prices, and a gloomier economic outlook. The sentiment of young Chinese on social media platforms has been growing darker, with phrases like "lying flat" and "letting it rot" becoming more common. ECONOMIST

TV Viewership Declines 
Linear TV now accounts for less than 50% of all TV usage, with people opting for YouTube, TikTok, and streaming channels instead. Nielsen's latest report shows a 12.5% drop in cable usage from last year, with streaming services like YouTube and Netflix leading the charge. THEVERGE

Bridge Collapse Fallout 
Scott Gullacher, a professional engineer in Saskatchewan, got an 18-month suspension because he designed a bridge that collapsed just hours after opening. The Association of Professional Engineers and Geoscientists of Saskatchewan found him guilty on three counts of professional misconduct, including not providing adequate engineering designs for the bridge's foundations. Cool, can’t wait until tech is advanced enough to do this for software. We’re a long ways from that, though. CBC

AI Book Censorship 
Iowa's Mason City School District is using AI to scan and potentially ban books from its libraries. This move comes after the state legislature passed Senate File 496, which requires school library books to be "age appropriate" and without "descriptions or visual depictions of a sex act". ENGADGET

RF Exposure and Brain Tumors 
A study conducted in Germany examined whether occupational exposure to radio frequency/microwave electromagnetic fields (RF/MW-EMF) contributes to the development of brain tumors. The study, which included 381 meningioma cases, 366 glioma cases, and 1,494 controls aged 30-69 years, found no significant association between occupational exposure to RF/MW-EMF and brain tumors. PUBMED

Target's Sales Slump 
Target's sales have taken a hit recently, despite the overall retail boom. The slump is attributed to factors like consumer backlash over its Pride collection, rising prices for essentials, and a shift towards bargain hunting at places like TJ Maxx. MORNINGBREW

Gen Z Escapes Burnout 
Tired of the rat race, many Gen Z and millennials are quitting their jobs to travel, seeking a break from work-related pressures and burnout. According to a Deloitte survey, the pandemic has prompted many young workers to re-evaluate their work-life balance. CNN

Artistic Skills Gap 
Art schools today are reportedly not focusing on teaching students the foundational skill of drawing, leading to a significant artistic skills gap. The traditional method of learning to draw, which involves copying model drawings, is being revived by a growing number of institutions, such as the Dublin Drawing School, to bridge this gap. UNHERD

NOTES

Idea Amplification — Check out this post by UL friend and member, rez0 (Joseph Thacker), where he discusses the skill of amplifying ideas, a concept inspired by a podcast conversation between Tyler Cowen and Paul Graham. And I get a mention as well! REZ0

Switching to Naabu
I think I’m about to switch all my portscanners to Naabu, by ProjectDiscovery. Reasons? Nmap is powerful but relatively slow. Masscan is brilliantly fast, but you can’t pipe into it. I love the fact that Naabu can be used on both sides of a pipe, as part of a CLI workflow. PROJECTDISCOVERY

Moar Content
I’m going with a lot more content in the newsletter these days. I know it’s a tradeoff, and there’s a super annoying bug where longer newsletters get cut off in Gmail. But because I’m using my custom-built AI for collecting and seeing more stories now, I am finding way more great stuff worthy of sharing. Let me know how you feel about having more content.

I’m Actually Using FSD
I am actually driving around my town using Tesla’s FSD now. We’re at version 11.4 and it’s pretty damn good. Still too much herky-jerky for me, and too many scary pauses, but when I engage it in standard areas without construction and strange situations on the road, it’s quite good. I’m actually trying to force myself to accept this as normal, and it’s not easy. I know this is the future so I’m making myself accept it. Can’t wait for version 12, which is supposed to be bonkers.

IDEAS & ANALYSIS

Vision and Dementia Link 
A recent study has found a strong correlation between vision problems and dementia in older adults. The research, conducted on nearly 3,000 older adults, revealed that those with eyesight issues, even while wearing their usual eyeglasses or contact lenses, had a significantly higher risk of dementia. This rhymes with similar findings for people with bad hearing, and also bad relationships. My personal theory is that the unifying factor might be the lack of exposure to stimuli. Isolation, in other words. Sight, sound, relationships, etc. What’s also interesting about this is that it can apply to younger people as well. Maybe not the dementia, but the pressure of isolation. I think people decline quickly when they don’t do new things. My takeaway is to make sure you’re living like you’re young for as long as you want to live. As soon as you slow down, I think your body receives a signal to pack things up and quit.

DISCOVERY

⚒️ Nmap Speedup — A method to speed up nmap service scanning by 16 times, enhancing efficiency in network security tasks. | by MegaManSec2 | REDDIT

⚒️ LlamaGPT — A self-hosted, offline, AI chatbot similar to ChatGPT, powered by Llama 2. It's completely private with no data leaving your device. | by Umbrel | GITHUB

Task Manager Trick — Did you know you can pause the Task Manager in Windows by simply holding down the CTRL key? This handy tip, shared by Microsoft's Jen Gentleman, stops apps from moving around in the Task Manager, making them easier to select. THEVERGE

VPN Avoidance — A strong argument against using VPN services, arguing that they don't provide the security and privacy they claim to. I have written similar pieces. TILDE.CLUB

Team Management Insights — Luis Costa shares his experiences and lessons learned from managing a small team of engineers for two years. LUISPCOSTA

Symmetry in Chaos — Paul Bourke explores the concept of symmetry within chaotic systems, using a series of equations to generate aperiodic chaotic attractors that form symmetric patterns. PAULBOURKE

AI Dungeon Master — LangChain's AI is now capable of simulating a multi-player Dungeons and Dragons game, acting as the Dungeon Master and creating an immersive narrative. LANGCHAIN 

Tmux Revolution — Tmux is transforming the coding experience, as this video explains. It's a game-changer for developers, offering a more efficient and streamlined way to write code. YOUTUBE

Embeddings Cache — LangChain has introduced a new feature, "CacheBackedEmbeddings", to prevent redundant computation by caching embeddings. Super exciting! TWITTER

Enterprise LLMs — Working with Large Language Models (LLMs) in an enterprise setting is a different ball game compared to startups. SUBSTACK

Terraform vs Pulumi — Terraform, a popular Infrastructure as Code tool, is facing criticism for its scaling issues and recent license changes. Pulumi, an alternative that allows you to use real programming languages for infrastructure coding, is gaining attention for its scalability and flexibility. MATDUGGAN

Neighborly Greetings — Turns out, saying hello to your neighbors can actually boost your wellbeing. GALLUP

Studio Soundproofing — Jeff Geerling shares his journey of soundproofing his studio, highlighting that it's more of an art than a simple task. I did this too and it was tons of fun. JEFFGEERLING

Tab vs Space Debate — The age-old debate of tabs versus spaces in coding gets a new perspective, arguing that tabs are objectively better. Agreed. GOMAKETHINGS

Apple's Unconventional Hiring — You don't need to grind LeetCode or have a college degree to land a job at Apple. SUBSTACK

Effort Over Ability — Praising children for their effort rather than their natural ability can lead to better learning outcomes and more resilience. OXFORDLEARNING

Air Quality Monitoring — The AirGradient Pro Kit is a reasonably accurate, affordable (~$100) air quality monitor with open source firmware and hardware. I just ordered 3 of these! BUBELOV

RECOMMENDATION OF THE WEEK

I’m highly averse to recommending my own content in this section, but I’m making an exception. I think we have a crisis of meaning right now—especially as it relates to work. And I think my recent essay on What I’m Doing and How It’s Going can help many people find a path out of the maze. READ IT

APHORISM OF THE WEEK

Don’t wait for the perfect moment. Take the moment and make it perfect.

Unknown

Thank you for reading. See you next week!