Unsupervised Learning Newsletter No. 286

News & Analysis

MEMBER EDITION | No. 286 | Monday: June 21, 2021

SECURITY NEWS

Cybereason found in a study that 80% of companies that paid a ransom got hit again, and that 50% of those attacks came from the same threat actor. Lesson? Assume you're still completely compromised even after you pay and get decryption keys. And assume someone is coming back unless you take significant action.

Google launched a new proposed solution to software supply chain attacks called SLSA (pronounced Salsa). It's a set of security guidelines that looks to provide end-to-end integrity of the software supply chain, and it has four levels: Level 1 requires that the build process be fully scripted/automated and that provenance is generated, and Level 4 requires a two-person review of all changes and a fully reproducible build process. I like that this exists, but I worry that few software organizations will be mature enough to use it in the short to mid-term.

South Korea's Atomic Energy Research Institute (a think tank) says it was breached by North Korean attackers using a VPN vulnerability. They're currently evaluating the scope of the penetration and damage.
 
Canon put AI cameras into its Chinese offices that only let in smiling workers. They said, apparently without irony, that they did it to improve morale.

People in Texas are complaining that their energy companies are remotely accessing their smart thermostats to raise the temperatures in their homes during extremely hot days. It's evidently part of an agreement they signed, giving the companies the ability to save energy. That's a nope for me.

Southwest has had to shut down most of its operations, and ground hundreds of flights, due to multiple computer outages over two days. They said the outages were caused by weather data issues and network performance problems.

Stripe has launched Stripe Identity, which lets you programmatically confirm the identity of users. I feel like a lot of identity startups just had a really bad week.

Vulnerabilities:

  • Cisco issued updates for multiple products.

Incidents:

  • CVS exposed 1.1 billion customers' data due to insecure cloud storage.

  • A fertility clinic in Georgia disclosed a data breach after patient files were stolen during a ransomware attack. This is a reminder that ransomware can be an attack on confidentiality and integrity as well as availability.


TECHNOLOGY NEWS

Spotify has purchased a podcast discovery service, Podz, to help bolster its podcasting play. Podz automates the process of extracting key moments from podcasts.

Many are upset with Google for performing or allowing a force-install of an Android-based COVID notification app in Massachusetts. Evidently the install happened silently and is hard to remove.

It's Amazon Prime Day (June 21 and 22).

Starlink internet dishes go into thermal shutdown at 122 degrees Fahrenheit, and people with dishes in direct sun in hot areas are experiencing outages.

Niantic, the creator of Pokémon Go, is making an AR Transformers game.

Companies:

  • 23andMe merged with a Richard Branson SPAC.

  • Neo4j has raised $325 million for graph-based analysis in the enterprise.


HUMAN NEWS

Science is pointing to the idea that it wouldn't actually take long for an alien race to populate the galaxy with sub-light travel. This is adding weight to the question of, "If they should be so plentiful, where are they?" Here's one idea: if our silly selves could come up with the Prime Directive in the 1960s, maybe they're just hiding from us.

Japan's government is looking to encourage companies to offer employees a 4-day work week, but experts disagree about whether it'll be accepted or net-positive.


CONTENT, IDEAS & ANALYSIS

Reality and Meaning — My casual thoughts on the hierarchy of truth and meaning.


NOTES

I'm hoping to have a new living situation soon, with more room. I've been operating in kind of a limited state/capacity for many years, and that might be coming to an end. More room. More artistic expression. More exercise. Drastically improved diet. I expect my creative output to exponentially improve compared to the last year or two, and I can't wait.

One or two more weeks of bad podcast audio. Apologies. It'll be fixed soon, one way or the other.

Ben Sadeghipour, aka NahamSec, interviewed me on his show on Sunday, and the conversation was fantastic. It went nearly two hours and didn't feel long at all. Really enjoyed the conversation—especially around the intersections of hacking and real life.

Reading: I've finished Lifespan, by David Sinclair, and I'm currently reading the new Kahneman book, Noise. I'm also re-reading Speaker for the Dead, which is our book club book!


DISCOVERY  

Modern Unix Tools — A collection of tools that replace standard UNIX/Linux options. I use a few of these and I think they're worth looking at. Particularly: lsd and ripgrep (see Ripgrep Release 13.0.0).

Impaktek — A new newsletter that combines tech job openings.

Eulogy.io — A GPT-3 powered eulogy generator.

Future — A new essay site on the topic of the future, by a16z.

Retrieving AWS Credentials from the CLI (Pentesting)

Choosing Your North Star Metric


RECOMMENDATIONS

Read this definition of Stoicism and do these 9 exercises to get started. It's a bit long, but it's a phenomenal intro to Stoicism's concepts if you're a newcomer.


APHORISMS


“If it cost you your peace of mind, you overpaid.”

~ Rigel Dawson