UL NO. 403: Signal Investigates Rumored Zero-Day Bug, AI Predicts New COVID-19 Strains, Dwindling US-China Scientific Collaboration...
In this edition we look into Signal's investigation into a rumored zero-day bug, how Harvard and Oxford researchers are using AI to predict new COVID-19 strains, the dwindling collaboration between American and Chinese scientists, and the European Commission's CSAM detection bypass.
Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.
Super excited about this X thread I just created about the ExtWis extraction of the convo between Neri Oxman and Lex Fridman. X broke the thread so you have to read upwards instead of down, but it’s worth the scroll!
I also woke up with a new joke in my head on Sunday:
“GenZ people should call perpetual liars ‘being stuck on CAPS LOCK’, because everything they say is CAP.”
I hope you have a stellar week! Let’s get into it.
Extracted Wisdom Analysis of Marc Andreessen’s Techno-Optimist Essay
This just came out this morning, so I just read it and ran it through ExtWis. It did a fantastic job I think! READ IT
Extracted Wisdom from Oxman and Fridman’s Wonderful Conversation
My new X thread that covers the conversation between Lex Fridman and Neri Oxman. Pretty sure this is the most inspiring conversation I’ve ever witnessed in terms of insights and beauty per second. READ IT
Extracted Wisdom: Sam Parr & David Perell Discuss Writing
A wisdom-dense conversation between David and Sam on effective copywriting, crafting company vision, his reading habits, and tons more.
Signal's been chasing rumors about a supposed zero-day bug linked to their 'Generate Link Previews' feature. The rumors have been spreading quickly, with claims that the bug could allow a full takeover of devices. But after digging into it, Signal says they've found no evidence that this bug is real. I’d find a vuln like this in Signal especially annoying since I have to update the client like 13 times a week. MORE
The European Commission's CSAM detection system works by matching images on a user device against the fingerprints stored in a central database, but the system can evidently be manipulated to trigger an alarm for non-CSAM material as well. MORE
The US Congress got a taste of Predator Spyware via the Vietnamese government. The targets included representative Michael McCaul and senators Chris Murphy, John Hoeven, and Gary Peters, as well as Asia-focused experts at US think tanks and several journalists. MORE
🪳CISA, FBI, and MS-ISAC are urging admins to patch their Atlassian Confluence servers like yesterday, due to a critical privilege escalation flaw that's being actively exploited. MORE
🪳Microsoft's October 2023 Patch Tuesday addressed 3 zero-days and 104 other vulnerabilities. MORE
🪳Two High-Risk Security Flaws in Curl Library — Two serious vulnerabilities have been found in the Curl data transfer library, one of which could lead to remote code execution. CVE-2023-38545 | CVSS Score: 7.5 | MORE | MORE | MORE | MORE
🪳The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a high-severity flaw in Adobe Acrobat Reader that's being actively exploited. MORE
🪳 Magecart's New Trick — Magecart is now hiding malicious code in websites' 404 error pages to steal credit card info. | High | MORE
🪳 Juniper Networks Patches Over 30 Vulnerabilities — Juniper Networks has patched more than 30 vulnerabilities in its Junos OS and Junos OS Evolved, including nine high-severity ones. | High | CVE-2023-44194 | 8.4 | MORE
Microsoft's AI assistant, Copilot, is raising security concerns due to its access to all user data within Microsoft 365 apps. On average, 10% of a company's M365 data, which Copilot can access, is open to all employees. MORE
A U.S. Navy sailor, Wenheng Zhao, has admitted to taking bribes from a Chinese intelligence officer and passing on sensitive military information. Zhao, who held a U.S. security clearance, confessed to receiving almost $15,000 in bribes from August 2021 to May 2023 while working at Naval Base Ventura County in California. MORE
A coalition of the tech giants recently revealed the largest-ever DDoS attack, which compressed a month's worth of Wikipedia traffic into a two-minute deluge. The attack peaked at over 398 million requests per second, exploiting a zero-day vulnerability known as "HTTP/2 Rapid Reset". MORE
Microsoft's new bug bounty program is all about AI, specifically targeting vulnerabilities in AI-powered Bing. MORE
The AvosLocker ransomware gang is hitting the U.S. critical infrastructure sectors hard. The FBI and CISA have released a joint cybersecurity advisory detailing the ransomware-as-a-service (RaaS) operation's tactics, techniques, and procedures (TTPs). MORE
Equifax just got backhanded with an £11.1 million fine by the UK's Financial Conduct Authority (FCA) for their 2017 data breach. The fine was originally set at £15,949,200 but Equifax received a 30% discount for agreeing to the penalty early and a 15% credit for good behavior during the investigation. MORE
AirTags are under scrutiny again, this time with a class action lawsuit claiming they're basically a stalker's best friend. The lawsuit cites over 150 US police reports and a surge in international stalking cases involving AirTags. MORE
The gap between top and bottom-earning CISOs is widening, with the highest earners seeing their salaries increase at triple the rate of those at the lower end. According to a survey of 600 US-based CISOs, most are earning either below $400,000 or above $700,000 a year. MORE
The CIA has officially admitted that the 1953 coup it backed in Iran, which overthrew the prime minister and cemented the rule of Shah Mohammad Reza Pahlavi, was undemocratic. You think? Best book I’ve ever read on the own-goal nature of US foreign policy is Blowback. It will make you facepalm for sure. MORE
US intelligence evidently had concerns that something was being planned in the Gaza strip. They produced at least two assessments based on intel from Israel, warning of an increased risk for Palestinian-Israeli conflict weeks before the actual attack. But the expectation was that there would likely be just another round of small-scale violence by Hamas. MORE
Finland's Security and Intelligence Service (Supo) warns that Russia is currently treating Finland as a hostile country, following a suspected act of sabotage on Finland's maritime infrastructure. The incident involved damage to a subsea telecommunications cable and gas pipeline between Finland and Estonia, with Finnish authorities suspecting external (ahem, Russian) activity. MORE
Harvard and Oxford researchers are using AI to predict new COVID-19 strains before they even happen. The AI model, called EVEscape, is trained on historical viral sequences to predict how the virus could mutate. When tested with pre-pandemic strains of coronavirus, EVEscape accurately predicted the most frequent mutations and dangerous variants of SARS-CoV-2. MORE
California's giving cities the green light to nab speeders with automated cameras. The new law, signed by Governor Newsom, is aimed at reducing traffic fatalities which have been on the rise. MORE
The digital afterlife industry is getting crowded, with companies like Microsoft considering creating conversational chatbots of deceased individuals using their social data. I am surprised Microsoft is getting into this so early. I’d have expected the MANGA companies to wait for others to work out the creepy first. MORE
Scientists have developed a bionic hand prosthetic that offers improved control and comfort. The hand is directly connected to the user's neuromusculoskeletal system, allowing it to perform around 80% of typical daily tasks. MORE
Saturday's annular solar eclipse put a serious dent in US solar energy output. Grid operator estimates suggest that over a third of the country's solar capacity, enough to power about 20 million homes, was offline at some point during the three-hour event. MORE
TSMC is spinning up its next tech bump up for 2nm. MORE
We've got a new map of the human brain that’s more detailed than ever. It's not just a visual map, but it also includes cellular and genetic levels, making it a significant jump in our understanding of the brain. MORE | MORE
Adobe and partners have created a symbol to tag AI-generated content, aiming to provide transparency about its origins. The symbol, dubbed an "icon of transparency", will be added to the metadata of images, videos, and PDFs. MORE
Uber now allows customers to call and request a ride without needing the app. The new feature, announced at Uber's annual product showcase, allows riders to book a ride on-demand or schedule one ahead of time. Is that really a problem that needed solving? MORE
A 21-year-old computer science student, Luke Farritor, has become the first person in two millennia to read a word from an unopened Herculaneum scroll. The breakthrough was part of the Vesuvius Challenge, a competition that awarded Luke a $40,000 prize for finding at least 10 letters in a 4 cm² area in a scroll. MORE | MORE
Ireland is swimming in cash, thanks to tax revenue from U.S. tech and pharma companies. They absolutely nailed their tax strategy to get more international companies doing business there. MORE
The University of Arizona is launching a five-year study to examine if irritable bowel syndrome (IBS) is a long-term symptom of Covid-19. The study, backed by a $3.2 million grant, will track over 9,000 participants to assess post-Covid health impacts. MORE
The collaboration between American and Chinese scientists is dwindling due to new rules and political tensions. In 2020, the number of papers co-authored by researchers from both countries fell for the first time, and the number of visas awarded to Chinese students and academics by the US is down to about a third of its 2015 peak. MORE
Paris is dealing with a bedbug infestation, and it's not just the discount hotels that are affected. The bugs have been spotted in places like the Paris Métro, cinemas, and even schools. MORE
Pro-Palestinian demonstrations have been banned in France, causing a stir in the international community. Support: The decision comes after Israeli flags, raised in solidarity, were torn down and destroyed in several German towns. MORE
IDEAS & ANALYSIS
Marc’s New Tech Manifesto
Marc Andreessen just put out his latest essay, which he is calling a manifesto. It’s basically an argument that tech is good and that we should be optimists about it. I’m already an optimist and I already agree, but I like how he lays it out. I just wish he addressed the counter-arguments with a bit more zeal. He’s an investor and startup guy. Of course he wants optimism. I’d believe him more if he gave me good steelman arguments on the other side. MORE
The Best Schools Are On Military Bases
The Pentagon is running the top-performing schools in the U.S., outshining all other American districts in reading and math. These Defense Department-run schools, teaching 66,000 students across U.S. domestic and foreign military bases, saw 55% of their eighth graders proficient in reading and 41% in math in 2022, significantly higher than the national averages of 29% and 26% respectively. I can’t believe 55/41 are numbers to brag about, and 29/26 is just disturbing. For parents/cultures that prioritize self-discipline and education (see Asian/Indian/Jewish households), those are probably like 5th grade numbers. The difference in metrics and outcomes across parental/cultural groups needs to be studied and talked about a whole lot more than it is. It’s a set of behaviors, not magic. We all need to start copying what we know works for the successful groups. MORE
Kids Are Spending 5 Hours a Day on Social Media?
U.S. teenagers are spending an average of 4.8 hours per day on social media, with girls spending nearly an hour more than boys. The data, gathered from a Gallup survey of over 1,500 adolescents, reveals that 51% of teens spend at least four hours daily on platforms like YouTube, TikTok, Instagram, and Facebook. The study also found that teens with lower conscientiousness and those with parents who don't restrict screen time tend to spend more time on social media. Stunning. Well, the number is really stunning, but it’s not surprising that those with lower self-discipline and parents who don’t enforce rules spend more time online. I’m starting to think self-discipline is like the thing to focus on for predicting success, and the main thing to try to nurture in kids. This is also supported by the fact that high conscientiousness (one of the OCEAN traits), is the strongest predictor of future success other than IQ. MORE
Where are the Women on GitHub and AI YouTube?
Why are so few women creating projects on GitHub? A recent study found that women make up only 6% of contributors on GitHub, and that if you looked at people with more than 10 commits it went down to like 4%. Meanwhile, women are something like 51% of the creators on YouTube. It’s obviously not a creative talent difference, so why aren’t they creating code projects? I especially noticed this recently with AI stuff. I noticed the other day that I follow like a million AI influencer types who are writing code, sharing it, and talking about it on YouTube. And I have only seen a couple that are women. What’s going on, both for AI coding and GitHub creation in general? Whose fault is this? Is it simply a preference difference? Like is coding for fun just not as interesting to women? And if so, how much of that is something to be addressed or “fixed” vs. being ok? My problem with it being considered a sign of gatekeeping is that there’s no gate on GitHub. You just post stuff. Most people who do get no love whatsoever but they still post because they want to. And there’s obviously no gate for women creating and crushing on YouTube. Conversely, my problem with it just being “ok” because “it’s a preference thing” is that it will empower people saying disparities in technical roles in companies are also ok, because “fewer women just want to do those jobs”. I believe that mentality raises biases in hiring managers and DOES create a gate, locking out women who actually want those jobs. What do you think? MORE
💡A recommendation as you build your AI apps:
➡️ Focus and spend time on optimizing the broader pipeline of your idea, not on specific implementation details.
It’s a waste of time to optimize tooling that will be obsolete in weeks or months.
🔗Focus on the PIPELINES. #ai… twitter.com/i/web/status/1…
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)
Oct 11, 2023
To those who think AI is over-hyped because "a lot of people tried it and didn't stick with it", I have news for you.
Most people don't read books either.
That's what AI is. It's like reading.
You can NOT do it. 100%. Just know that you'll be working for the people who do.
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)
Oct 11, 2023
Another thought on AI development.
A lot of consumer tech follows these phases:
1. Starts as a crazy idea
2. First version is a cool gadget or app
3. It becomes a serious company
4. It becomes an OS feature
As such, most AI apps/companies today are future OS features.
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)
Oct 11, 2023
If you can only write publicly about certain, narrow topics for fear you'll get no views or even negative comments, then you haven't built a platform.
You've built a prison with transparent walls.
Why stand on a soap box and ask the crowd what you should say?
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)
Oct 12, 2023
A tweet is just a really abbreviated book.
A book is just a really elaborate tweet.
And that's because tweets and books aren't real things. They're arbitrary containers.
It's all just ideas. Don't get too caught up on the format.
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)
Oct 13, 2023
Triple Screens? Seriously?
Triple-dividing Your Attention, to Keep Your Attention
There’s a thing that’s been happening on TikTok for a few months now that started with two screens, but now it’s branched into three. They have the main content playing, but in order to retain you they also play something else like a video game with action. So what happens is when you get even micro-bored your brain goes to the video game. Then when they say or do something interesting, you jump back to the main content. Well now they’re triple-splitting the screen. How is a book supposed to compete with that?
Apple's new Snoopy watch face on watchOS 10 is the sleeper best watch face on the Apple Watch. It has the most personality of all of them, and the most variation. Loving it, and this article describes the features well. MORE
Taylor Swift's 'Eras Tour' movie is out, and I’m absolutely going to see it. I don’t know much of her music, but I 100% consider her one of my heroes. And I don’t use that word lightly. I think she’s crushing life, and that she’s a role model for doing what you believe and changing reality to conform with it. To me she’s like a Jobs or Musk, but nicer. MORE
Jonah Hill's new Netflix documentary spotlights the transformative psychotherapy methods of Phil Stutz, who prefers to give his patients actionable steps rather than just listening. Stutz's approach involves a series of "Tools", simple steps or actions that can change your inner state almost immediately. This is on my watch-very-soon list. MORE
This newsletter (content and format) has felt the most UL and the most “me” of any in a while. Let me know if you enjoyed it.
⚒️Scalar — A nifty tool that lets you generate interactive API documentation from Swagger files. It's got a bunch of cool features like request examples for a ton of languages and frameworks, an integrated API client, and the ability to edit your Swagger files with a live preview. GITHUB
⚒️ ffuf — (fuzz faster you fool) A fast web fuzzer written in Go that allows you to fuzz URLs, headers, and POST data. It's got a ton of features, including recursion, auto-calibration, and an interactive mode. | by Joona Hoikkala | GITHUB
US citizens or permanent residents with permanent disabilities can now get a lifetime pass to National Parks for free. MORE
There's a fresh perspective on the 4-day workweek concept called an 80% job. It's a 32-hour gig at 80% salary. I like the willingness to think differently, but 32 hours is still basically 40 hours. MORE
The US has $5 billion in Bitcoin. MORE
A Bay Area gang was slashing BART seats as part of an upholstery racket. MORE
AI's getting pretty good at predicting earthquakes. MORE
Mark Manson has curated a list of 14 non-fiction books he believes everyone should read. MORE
OpenAI's GPTDiscord is a robust, all-in-one GPT interface for Discord, enabling users to chat like ChatGPT, generate AI art, moderate servers, and get AI-assisted insights. MORE
A new automation startup, Relay, is aiming to outdo Zapier by offering a workflow automation platform that uses AI and goes beyond the usual triggers and actions. I’m also looking at Make for a Zapier alternative. MORE
Leap AI is a tool that lets you design, test, monitor, and deploy AI workflows. MORE
Job hunting for software engineers has taken a strange turn, especially for contractors. It used to be a two-week process, but now it's stretching into months with no leads. MORE
HOTSAT-1, a new high-resolution thermal satellite, can show temperature differences down to a resolution of 33 feet, which is a big jump from the 330 feet, 1,650 feet or 3,300 feet resolutions of previous satellites. MORE
Microsoft's Paint app is getting an AI-powered upgrade called Paint Cocreator, which helps you create artwork by just describing what you want. MORE
Google is letting users generate AI images directly from the search bar. MORE
SaaS startup founders share advice they'd give their younger selves. MORE
Kubiya.ai is using ChatGPT to streamline DevOps. MORE
Apple's iPhone and Apple Watch continue to be popular among teenagers, with 87% owning an iPhone and 34% owning an Apple Watch. The survey also revealed that 88% of teens expect their next phone to be an iPhone. MORE | MORE
RECOMMENDATION OF THE WEEK
I’m getting tons of insanely valuable insights out of watching Robert Sapolsky clips on YouTube. He’s one of Huberman’s mentors at Stanford and I first came across him when I read Behave back in like 2017. It’s one of my Top 50 books on the bookshelf. Sapolsky is working on what I consider to be some of the most important questions at the intersection of biology and human behavior. Highly recommended. MORE | MORE
APHORISM OF THE WEEK
Genius is nothing more nor less than childhood recovered at will.