Unsupervised Learning Newsletter No. 283

News & Analysis

STANDARD EDITION | Ep. 283 | Tuesday: June 1, 2021 


The FBI says the Conti ransomware gang, which disabled the Irish healthcare system, has also gone after healthcare and first responder networks in the United States. They say they've hit over 400 organizations worldwide, and at least 290 in the US, including police departments, 911 dispatch centers, and more. More

Researchers at Georgetown University used GPT-3 to generate disinformation on climate change and foreign affairs, and they were able to tangibly sway real peoples' opinions. They showed people GPT-3 generated content on Afghanistan troop withdrawals and US sanctions in China, for example, and were able to double the number of people against a given policy. More

The SolarWinds group is going after think tanks with a new backdoor called "NativeZone". More

Have I Been Pwned has gone open source, and the project is getting help from the FBI in pulling in known-compromised passwords. More

New flaws in Bluetooth allow attackers to impersonate legitimate devices, allowing MiTM attacks. A series of CVEs have been released around the flaws. Impacted vendors, including Android, Cisco, and others are working on patches. More

Microsoft released a tool called Counterfit for testing the effectiveness of AI-based security systems. More

Facebook says Russia is still the biggest player in disinformation on its platform. More

Continuous Attack Surface Management (CASM) is becoming a real space now. There are tons of players getting in, from vulnerability management companies to small startups that come from the bug bounty community. More My Analysis

A UN report says a drone may have carried out the first known autonomous attack that killed a human last year. The attack was in Libya, and was made possible by an object recognition system that does not require connectivity once it's received a target. This allows it to travel, hunt, and carry out an attack without being given explicit instruction once the target is found. Daniel Suarez warned us about this in his book, Kill Decision. More

Danish media is saying that Denmark helped the US spy on European politicians, including Angela Merkel. More


  • HPE fixes an 0-day in Systems Insight Manager. More

  • Siemens PLCs have some newly discovered vulnerabilities. More

  • Drupal has released security updates. More

  • VMware vCenter has a critical RCE. More


  • JBS Foods, the world's largest beef and poultry producer with 245,000 employees around the world, has shut down production due to what they're calling a cyberattack. More


  • Crowdstrike and EY are uniting to work on Organizational Resiliency. More

  • Salt Security raises $70 million to do API security. More

  • Material Security raises $40 million to address email hacks through integration with identity-protection services like Duo and Okta. More


Microsoft is teasing a new version of Windows, and the announcement could be soon. Supposedly there will be major UI changes, and updates to the app store. I'd like it to have fewer ads. That's my ask. More

Microsoft has released a tool that lets you write basic code using the power of GPT-3. More

An AI system looked at 40 years of scientific papers and predicted 19 out of the 20 most impactful publications. It then looked at current work and picked 50 recent papers that it thinks will be among the top 5% of biotech papers in the future. Sounds like a dream tool for investors. More

Twitter appears poised to release Twitter Blue, its $2.99 monthly subscription tier. Features will supposedly include the ability to undo a tweet, among others. More

The world's fastest AI supercomputer came online at Lawrence Berkeley National Lab. It's an HP-built Cray computer with 6,159 NVidia A100 Tensor Core GPUs, and they intend to use it to build a massive 3D map of the universe. More

Peloton is building a new $400 million dollar factory in Ohio. More

Tesla has turned on its in-car camera so that it can monitor drivers while they're using autopilot. It's designed to monitor the driver for inattention, and the data is not supposed to leave the car. More

Tesla is being fined in Europe for throttling charging speeds. More

Tesla is now shipping cars without radar sensors, going instead with camera-based detection. More


China is now allowing citizens to have up to three kids. Just to be clear, it was illegal to do so before now, because the government can tell you how big your family can be. So I guess…thanks? What's next? Freedom of expression? Reminds me of Saudi Arabia allowing women to drive. What do you want, a cookie? You're not supposed to get credit for returning rights that weren't yours to take away. More

A study by Public Health India says two doses of COVID vaccine (Pfizer or AstraZeneca) are effective against the India variant, but it said you're significantly more vulnerable with only one dose. No word on Moderna, but I'm hoping it has similar efficacy against that strain. More

China has maintained an artificial sun at 120 million degrees Celsius for over 100 seconds, which is a new world record. I'm impressed, but I wish this wasn't the country that shrugs when their satellites fall out of the sky. More

Housing inventory is down 37% over year to a record low. Only San Francisco and New York have a bump in inventory. Lumber prices are up 300% and 63% of one sample had bid on houses they've never seen. More

Median home prices are up 19% over a year ago, and are at the highest point since 1999. More

We're at an all-time high number of smokers, at 1.1 billion. Rates are dropping, especially in the west, but population growth in China and India has lead to overall numbers being higher than ever. An estimated 8 million died from smoking in 2019. More


Convincing and Belonging — I think people's opinions are often tied to their identity, which is why it's so hard to change people's minds. When you're arguing with someone, think about what's at stake for them if they were to see things your way. It's often more than they're willing to pay. And ask the same about yourself as well. Would you lose a sense of belonging to a group if you were to change your mind about certain topics?

Lab Leak Theory Insanity — This lab leak theory stuff is just insane. Walk with me here. There are many labs (I counted around 50) that deal with extremely dangerous pathogens, and it's widely known within the space that we have—internationally—a problem with safety. Not only have we had many leaks and accidents all over the world in the last couple of decades, but experts in the space have been blowing the whistle about the issue for years. They're screaming at full volume that this is a problem. They write papers. They give interviews. They give talks. They were before COVID, and they still are. So if this thing actually came out of a lab in China, that would be bad, but it's not the news most people think it is. Similar leaks have happened in the US and UK. And the supposed news that Fauci may have funded the lab that the leak might have come from? Um, he's been involved in virus research for decades, and is closely tied to how money gets distributed for research. This is like finding out that a plane crashed somewhere, yet some guy sent money to a related place to research air travel safety. You can still have accidents even if the point of the research is safety. Another analogy would be testing of bullet-proof vests. If you donate money to a place that does that research it's not a conspiracy if someone gets injured during live testing of one of the vests. Instead, just like a plane crash, it's another instance of what we're trying to avoid, and a call to double down on safety. So, yeah, big conspiracy—the guy who's famous for virus research sent some of his virus research organization's money to (among others) one of the labs that does—wait for it—virus research. Riveting.


I just got done re-reading Practical Vim, by Drew Neil, and redoing my entire (Neo)Vim config. I started this journey by learning a ton more while writing a new Vim article, so I decided to re-parse Drew's book and take notes, which lead to me redoing everything. Somehow I ended up changing my Zsh config in the process, basically going from zpresto back to ohmyzsh. This is my tech version of a meditation retreat, or spring cleaning. I absolutely LOVE optimizing my shell and Vim configs. Reminds me of walking into a book store. Endless self-enhancement. Vim Config Screenshot Shell Screenshot

The Vim tutorial I'm working on is going to be based on gradual steps. I'm basically taking Vim's functionality and breaking it into chunks, and then ordering them by difficulty. So it might end up having like 15 or 20 levels, with each having a very small amount to learn. I'm excited about revealing the depth of Vim in an approachable, tiered sort of way.

Currently going through this free online course at MIT called The Missing Semester of Your CS Education. More

I just renewed my Audible Annual (24 books) subscription for the third time in less than a year. Pretty sure I'm way over 60 books read so far.

One of our UL Community members, Tim Leonard, built himself a Dogebago and is currently driving it across the country. More


[ Sponsored Discovery ] Thinkst Canary Tokens — Most companies discover they've been breached way too late. Canary fixes this: just 3 minutes of setup; no ongoing overhead; nearly 0 false positives, and you can detect attackers long before they dig in. Check out why our Physical, VM, and Cloud-based Canaries are deployed and loved on all 7 continents. Explore

Is This a Cyberattack? — A public service website that indicates whether something they've heard about in the news was an actual cyberattack. Teaser: the Colonial attack wasn't. More

A privacy tech worker explains how being at his mom's house for a week resulted in him receiving ads for her toothpaste. More

SecLists 2021.2 Release — This release includes multiple updates from the community. Thanks to g0tmi1k for all the hard work on maintaining updates! More

Synthesia.io — Create your own AI video by writing a script and picking a model to perform it. More

Pentesting Mindmaps More

The Feynman Lectures Audio Collection More

What Cybersecurity Can Learn From Video Games. More

Deepfakes, but for Maps More

A new-ish technique allows pentesters to use captured NT hashes in attacks even if they've not been cracked. More

FindAReddit — Find Subreddits for your favorite niche. More

How Well Can You Distinguish High-res Audio? More

Public Pentesting Reports More

Drunk Post: Things I've Learned as a Sr. Engineer — Someone gets drunk and gets way too honest about the life of a programmer. More

A Writing Tip I Learned at Oxford More


David Perell has compiled a great list of paradoxes in modern life. More


“Nothing is more persuasive than the opinion you desperately want to believe is true.”

~ Morgan Housel