Unsupervised Learning Newsletter No. 271

News & Analysis

I spend my time reading 3-6 books a month on security, technology, and society—and thinking about what might be coming next. Every Monday I send out a list of the best content I've found in the last week to around 50,000 people. It'll save you tons of time. 

STANDARD EDITION | Ep. 271 | February 22, 2021 


🔥 The US says a China-backed threat actor has launched a major attack on Microsoft Exchange servers that has affected more than 30,000 organizations in the US alone, apparently going back to January 6th. The attack, and the group that launched it, are being called Hafnium, and the Biden administration says not only to patch but to look for other evidence of additional compromise since the attack includes the dropping of a backdoor. Krebs FireEye Wired Nuclei Template Microsoft Blog Post Microsoft Detection Tool

Attackers are targeting the software supply chain by creating malicious libraries that are similarly-named to benign versions. Since most people never check those names, people are downloading and executing malicious code that does stuff like gather passwords and open remote shells. Software being targeted include apps from Amazon, Zillow, Lyft, and Slack. More

There has been a breach of SITA's Atlanta-based servers, a service provider to 90% of the world's airlines. Singapore Airlines alone said more than 580,000 customers were affected, and Malaysia Airlines said they'd lost over 9 years of data. To me, this is just part of the ongoing effort for APTs like China to upgrade their Cyber CRM. Basically, to compromise as many industries as possible that have data on future high-profile or high-interest individuals, and to keep that data as fresh as possible. OPM, Marriott, Equifax, and now the airlines. And that's not even counting genetic data, which could be super useful later. This is a brilliant long game on their part, and I hope the US has something similar for defensive purposes. More

The REvil ransomware operation has added a new tactic to its toolbelt. In order to add pressure to victims to pay, they're calling the target's business partners and telling them that their data has been leaked by the target, presumably generating a ton of incoming inquiries and attention that will force them to pay. Evil indeed. More

China has targeted India's power grid as part of ongoing border disputes. More

Four of the top Russian cybercrime forums have been hacked, with data stolen. More

The US State Department's Global Engagement Center, which monitors disinformation, says they've seen multiple Russian intelligence campaigns designed to undermine American confidence in COVID vaccines. More

A National Security Commission on AI says the US is unprepared for competition with China, and that we must make immediate and drastic changes to adjust. More

A new paper out of the University of Illinois at Urbana-Champaign captures a side-channel attack against modern CPUs. It focuses on gathering information from the ring interconnect portion of CPUs to gather sensitive data. More


Tech salaries grew in 2020, with Silicon Valley in first place followed by New York, Boston, San Diego, DC, Seattle, Denver, and Austin. More

Deepfakes continue to gain quality and attention. A Korean news channel replaced their main newscaster with an AI version as a test, and they said they'll continue to use the technology for breaking news since you can just feed it text and go "live" immediately. More

A study by Telstra Ventures says the exodus out of California has been greatly exaggerated, with 97% of startups staying in the Bay Area. They also said most startups that left didn't go to Austin, but instead to Colorado. More


  • Square has purchased most of Tidal for $297 million. More


The pandemic is massively affecting global trade and shipping, causing delays in supply chains for multiple industries. More

51% of Switzerland voted to ban burquas and other full-face coverings. More

A new study has found that couples who watch and discuss movies about relationships get similar benefits to other early marriage counseling programs. More

The US is expecting 300,000 fewer births this year. More


We Were Very Wrong About Testosterone — What I've learned recently about this fascinating hormone. More

The Relative Importance of High-Resolution Audio, CD Quality, and MQA — An essay for the audiophiles out there familiar with the high-res audio debate. More

Evolving Society vs. Cancel Culture — People are upset that Dr. Seuss is getting banned. Except they're not really—they're self-policing. The group that started all this is the company run by the family itself, and the market is simply following their lead. So here's the thing: out of control cancel culture is bad—agreed. But so is trying to watch an old movie full of white people who do nothing but belittle and diminish other groups. It's cringeworthy. I'd never seen Breakfast at Tiffany's, for example, and I tried to watch it like a year ago and it was unbearable. There has to be a way to do multiple things simultaneously: 1) enjoy the beauty in art that was created when we were less evolved as a society, 2) evolve as a society by lowering the prominence of such art to set a better standard. This isn't an either-or. We can and must do both. We are constantly evolving, and in 100 years we'll (hopefully) be even more inclusive than we are today. But that means for all of our history we've created morally flawed art, and that will always be the case relative to the current moment. We must find a way to accept that, and to benefit from such art despite its flawed moral context. The alternative has us discarding pretty much everything we've created thus far as shameful and inappreciable—from books, to movies, to countries, to civilizations. We must solve this riddle of being able to appreciate our prior achievements while simultaneously demanding that we do better.


I had my first real Clubhouse experience last week. It was pretty interesting. It was a group of like 20 people getting bullied by one strong personality, so after listening for like 10 minutes I jumped in and turned it into me vs. him. It reminded me of my old days of debating religion with people. I don't really encourage or enjoy that activity in myself anymore, but it was invigorating. Engaged for like 30 minutes and had to bail to play table tennis. But it was fun. I encourage everyone to dive in and get a feel for it. It's quite a unique experience, and just the presence of lots of human voices is comforting right now.

We had a great UL Book Club last weekend for the book, Life 3.0, by Max Tegmark. Lots of vibrant conversation about the book itself and multiple adjacent topics. Join The Conversation

Minor point, but I've moved all my product, service, and project discovery items to the top of the Discovery section. I think 'Name — Description' is a great format to start with for those types of items, followed by the surfacing of various articles and such at the bottom. Let me know if you like the change.

ERRATA: Last week we said 5.6% of the US reported as transgender according to GALLUP, but that was the entire LGBT percentage, not just transgender.


OURA Ring — I've tried a lot of wearables in my time, and other than my watch I've never stuck with one for more than a couple of weeks. The OURA Ring is the exception. I wear it every day and every night, which gives me sleep tracking without having to wear my watch or install one of those silly bed covers. More

X-1 Ultralight Titanium Knife — This is my EDC knife, and I absolutely love it. It does two things for me: 1) minimalism, and 2) never needing sharpening because it uses utility razor blades. More

Malwarebytes — My go-to anti-malware tool on Windows and Mac. It's what I recommend to everyone, and have been for nearly a decade. And as a show supporter, they're offering us 25% off. [SUP] More

Superhuman — My preferred email client, despite it being $30/month. It's a GUI-based email app that functions more like it's a CLI, and everything they do is catered to professionals and optimizers. It's the fastest and most satisfying email client I've ever used. More

Procrustes — A Bash script that automates the exfil of data if you have blind command injection and no egress but DNS. More

Dolt — Git for data. It's a SQL database you can fork, clone, branch, merge, push, and pull just like a git repository. More

Mito — Write Python 10x faster by editing a spreadsheet. More

FlowchartFun — You add lines of text and it creates a flowchart. More

A brilliant set of award-winning astronomy photographs from Miguel Claro. More

A guy wrote a bot to watch his birdfeeder and identify the birds using ML. I'm going to implement this. More

Low Earth Orbit Satelite Visualizations More

Resources for Beginner Bug Bounty Hunters, by Ben Sadeghipour More

A great thread on how many layers and neurons to use in Neural Networks. More


If you're into health topics, such as diet, sleep, exercise, etc.—presented through a highly rigorous science filter—you absolutely need to add Andrew Huberman to your podcast rotation. It's quality content presented brilliantly through a series of focused topics. More


“We can be knowledgeable with other peoples' knowledge, but we can’t be wise with other peoples' wisdom.”

~ David Brooks