Unsupervised Learning No. 250

News & Analysis

I spend 5-20 hours a week consuming books, articles, and podcasts that explore the intersection of security, technology, and society. Then every Monday morning I send out the best of what I found.  

MEMBER EDITION | EP. 250 | October 12, 2020

UPDATES

New Essay — CrowdSec: A Modern Replacement for Fail2Ban More

Reminder that we're reading Nudge as the book of the month for the book club. Thanks again to Scott for the recommendation.

If anyone knows someone willing to sponsor our Slack channel, please reach out. We're over the free limit of 10,000 messages, and we took a poll and don't want to move to Discord, so if you know someone just give me a ping.

And I'm continuing to work on the website redesign, and am looking to add the search button back, which a lot of people have asked about.

SECURITY NEWS

US Cyber Command has evidently been disrupting the Trickbot botnet using a variety of techniques heading up to the 2020 election. It looks like they've been adding fake clients and sending disconnect commands as part of the operation, which was anticipated by my buddy Patrick Gray over at Risky Business. More

CISA has put out a solid guide to help people defend against, and respond to, ransomware infections. More

Twitter announced the takedown of hundreds of state-linked accounts from Cuba, the Russian IRA group, Saudi Arabia, Thailand, and Iran—totaling millions of tweets. More Stanford Report

Facebook is banning QAnon across its platform—or at least it's trying to. They're also banning political ads after November 3rd. It's a pretty interesting development given that it's not a person or even an organization. It's literally an idea. A conspiracy. And there are evidently multiple variants of it as well. It think this is a signal of what's coming, where platforms are forced to ban entire idea clusters because they're deemed too dangerous. But that's dangerous in itself. QAnon is an easy case, but there are lots of different types of controversial idea, and once they do it for one they're going to get asked to do it for many others. They've now basically said that if there's a bad idea circulating virally on the platform, it's their fault since they haven't removed it. This is a business they don't want to be in, but the election is forcing their hand.

The US government is now warning companies that they better not be paying ransoms to organizations who are sanctioned by the US. More

Putin was interviewed recently and had some nice things to say about the Democrats. It looks like he may be prepping for a possible Biden presidency as well. More

The US seized 92 domains used by Iran to spread anti-US disinformation. More

Russia has joined China in banning certain types of encryption, all to further their ability to intercept and monitor traffic within their countries. This includes the ESNI extension for TLS 1.3, which hides target hostnames from people who can see a given traffic stream, e.g., ISPs. More

Vulnerabilities:

  • Researchers found SSRF vulnerabilities in Microsoft Azure that can allow server takeover. More

  • There's a new XSS vulnerability in phpMyAdmin. More

  • Cisco fixes high-severity flaws in Webex and Security Cameras More

TECHNOLOGY NEWS

PC shipments are up by 13% in Q3 2020, and are on track to break a 10-year record. More

With sales calls going virtual, companies are starting to roll out AI that can monitor calls and make recommendations. More

NVIDIA is doing some truly amazing stuff with AI around video streaming. They're using GANs to have the receiver's computer anticipate content of the feed so that not nearly as much data needs to be sent over, which results in using less bandwidth to get a better video feed. They can also do stuff like align people's faces so it looks like they're looking at the camera even if they're looking off-center. More

Someone used GPT-3 to post on Reddit for a week, and the quality was quite good. They were posting in bursts up to one post per minute. More

Companies:

  • Affirm, which allows people to easily pay for things in installments, is looking to IPO soon, and could raise as much as $10 billion. More

  • Twillio is buying Segment for $3-4 billion. More

  • Chorus is an AI tool that monitors and transcribes sales calls and makes recommendations. More

SOCIETY NEWS

The FBI is has reported a 15% increase in murder in the US from January through June 2020, but property crime is down 8%. More

The US is back over 50,000 new daily COVID cases. It's almost like there's some sort of relationship between allowing people to meet in enclosed buildings and infections. Someone should research that. More

Girls continue to show less interest in learning Computer Science. Twenty-five percent of girls are very interested (8%) or interested (17%), compared with 50% of boys who are very interested (21%) or interested (29%) in learning computer science. Girls (45%) are more likely than boys (27%) to say they are not interested in learning it. These numbers could explain up to double the representation of men in Computer Science fields, but the discrepancy is higher than double so more attribution is still needed here. More

New Zealand isn't just defeating COVID; they've also nearly eliminated influenza in their country due to good hygiene/distancing practices. It's interesting how all this safety is going to help with flu and colds as well, although nobody is sure how much. More

The richest people in the world's wealth increased by 27.5% between April and July of 2020. There are 2,189 billionaires in the world, according to UBS. More

TikTok has surpassed Instagram as the second most popular social app for teens. Snapchat is still number one, which surprised me because I thought they got taken out of the game. More

The US military is doing serious marketing and recruiting from the esports community. More

Companies:

  • Cerebral is a mental health subscription service, and they just raised $35 million. More

IDEAS, TRENDS, & ANALYSIS

A number of companies' employees have started rebelling against choices of who to work with, and what products to make. Spotify employees are complaining about having Joe Rogan on the show, and New Relic employees are rebelling over the culture at the company. Some of this is good, obviously, as you want a company to have a conscience, and if anyone is going to maintain that it is natural that it comes from the employees. And when the values of the company internally are out of alignment with its public face that's also a concern. But as with most good things, this type of self-attack becomes bad after a certain point. If employees are super-activist on certain issues, such as the use of AI to target users better, or hosting platforms that have lots of people with varying ideas, then at some point the employees have to choose between their values and their employment at that company. It doesn't make sense to enter into a voluntary relationship with a logging company, for example, and then start a revolution from the inside against cutting down trees. I think we're likely to see a line in the sand soon from companies, in the form of work contract adjustments, that make it clear that the political stances of leadership, and the choices for what to build, are not up to the new employee, and that they'll be prohibited from starting internal movements that oppose the company's purpose. This will of course create tension, and there will soon be wokeness ratings for companies, so young woke employees can see where they'd like to work. But I expect the entire thing to relax in a year or two as it becomes clear that companies are there for a market purpose and being perfect citizens on top of that is a nice-to-have, not a must. This is especially complicated by the fact that perfect corporate citizenship is different for everyone. I expect to see a 'corporations vs. employees' battle in the startup-to-medium-sized company space—especially in tech. More

A Map of America's Economic Drop Due to COVID More

Why You Should Write More

Your Product Demo Sucks Because It's Focused on Your Product More

Before you write Trump off as a loss in the 2020 election (it's looking pretty bad for him), Gallup just released a poll saying 56% of Americans think they're better off than 4 years ago, and that is a poll that went from September 14th to September 28th, so it already has the pandemic and economic damage factored in. Stunning. More

Perceptions of China have been plummeting for many countries around the world. More

DISCOVERY

Google Interview Questions Deconstructed More

The Reason Behind America's New Wave of Layoffs More

The Strange World of Deepfake Actors. Basically, the more similar the human's actions the easier it is to make the deepfake believable. More

A brilliant data analysis of 25 years of Gartner Hype Cycles. More

Almost everything you need to know about SPACs (a different way to take a company public). More

Why startups are going public right now. More

The Conspiracy Chart — A hierarchy of detachment from reality. More

Names.io — An exhaustive list of first and last names. More

FavFreak — A tool that finds sites related to brands by comparing hashes of their favicons. More

RECOMMENDATIONS

TruCaller is an app that blocks spam calls (and texts). It now has 250 million users. If you're not using it, I recommend it. I probably get 90% fewer spam calls with it. More

Meaning and Writing More

APHORISMS

“We know that bad security is acceptable—as a society—precisely because we accept it—as a society.”

~ Daniel Miessler