Unsupervised Learning Newsletter NO. 330

News & Analysis

MEMBER EDITION  | EP. 330 | MAY 9 2022
 

SECURITY NEWS

Apple, Google, and Microsoft have announced accelerated support for "passwordless" authentication on their platforms. This is fantastic news, but it's a bit of a misnomer. What it really means in practice is that the 2FA portion of authentication, meaning the additional factor(s) beyond your password, won't involve being given a password or a PIN that you then pass on to the application. That's huge, and that's awesome, but you still start by entering a password before you get to that step. Anyway, very cool news that everyone is agreeing to accelerate toward this for 2FA. More

NIST has released a new publication on managing cybersecurity supply chain risk. 800-161r1's main section covers the integration of cyber supply chain risk management into enterprise risk management, and also lays out critical risk factors for doing so. More

If you submit code to GitHub you'll be forced to enable 2FA by the end of 2023. More

Mozilla did a security analysis of a bunch of mental health apps and found that they are more insecure than most categories of app. More

OpenSea's Discord channel got hacked due to someone posting a malicious link as a trusted person. Phishing Discord admins, compromising them, and then posting malicious links as them is the top attack method for going after Discord communities right now. More

Vulnerabilities:

  • Android | Actively Exploited Vulnerability | 7.8 More

  • Cisco NFVIS Multiple Flaws | Up to VM Escape | 9.9 More

  • F5 BIG-IP Vulnerabilities | 18 Issues | Up to Critical More

  • QNAP | 9 New Flaws | Arbitrary Commands More

Companies:

  • Tailscale has raised another $100 million to continue building zero-trust VPN technology. More

  • Teleport has raised another $110 million to reimagine identity and access control, becoming security's latest unicorn. More


TECHNOLOGY NEWS

Bitcoin has lost 50% of its value vs. its high in November. More

California's governor issued an executive order on crypto. It basically says, "We're watching and we're about to become active in the space," meaning likely consumer protections and potentially some sort of blockchain-based services. This is very similar to what the Biden administration did recently. Basically saying we're going to make sure this stuff is safe, and we're also going to investigate playing in the space ourselves. More

Starbucks is getting into NFTs this year, promising "unique experiences and benefits". This seems like a decent fit to me. If you think about the gift cards they sell, with lots of different designs, that's not too far from adding more custom art to them and having them come with some kind of special features. More

TikTok will soon start to share ad revenue with its creators, but only for the top 4% of videos, and only for creators with more than 100,000 followers. More

Seed-firing drones are able to plant 40,000 trees a day to fight deforestation. More


HUMAN NEWS

Labor data says there are now two job openings for every unemployed person. More

People who took a new obesity drug that suppresses appetite lost an average of 22.5% of their body weight. More

Apple's director of machine learning has resigned, partially due to the requirement for people to come into the office. More

A meta-analysis of vitamin D deficiency and depression found that "Serum vitamin D levels inversely correlate with clinical depression, but the evidence is not strong enough to recommend universal supplementation in depression." More


CONTENT, IDEAS & ANALYSIS

Apple's Stupid Office Work Policy — According to MacRumors, Apple's current work-from-home policy is to work, "at least one day per week by April 11, at least two days per week by May 2, and at least three days per week by May 23". This is patently ridiculous. Are they not watching Covid stats? Can they not see that we're starting another surge? This is like the third time they've relaxed office work while Covid numbers were falling, and then increased office work while Covid was rising. People are quitting over it, and I don't blame them. And the most asinine part of this is that their retail stores aren't making the same mistake. They do the opposite. They start closing stores and requiring masks when Covid numbers go up, and they do the opposite when the numbers fall. Why would HR do the exact opposite for its office work policy? More


NOTES

I'm not sure what this is an indictment of, i.e., drugs in sports, or what, but when I heard about an 80/1 underdog (underhorse?) winning the Kentucky Derby I immediately thought one thing: "I wonder how long it'll take for the steroids stories to come out." I hate that I'm that cynical about sports, but horse racing has a serious problem with this and the result feels too good to be true. My inner Spock immediately called BS. I hope I'm wrong. And even if I'm not, it was still fun to watch 11 times. More

Against my better judgment, I'm going to read this new book, The Next Civil War. It's described as Dystopian Realism, which calls to me. More

I've started the migration of my Concepts page to Obsidian. It's both teaching me Obsidian and reminding me of all these cool ideas. I hope that the software is going to help me see the connections in interesting ways, which has always been the idea for that page. Like a Wisdom Genome. More

 

DISCOVERY

You can now remove your personal data from Google. More

NCC's analysis of how Lazarus starts attacks. More

A beginner's guide to solo roleplaying. More

[ CLI ] Bash-Oneliner — A massive collection of powerful Bash one-liners. More

[ Jobs Data ] Layoffs.fyi — A tracker for layoffs in the startup space. More

[ AWS Security ] Poro — Scan for publicly available assets within AWS. More

[ VPN Security ] These scripts allow you to set up an IPsec VPN very quickly, but I prefer Algo, which uses WireGuard instead of SSH to do the same thing. More | Algo



RECOMMENDATION

Even if you don't have an office you can safely work in, I recommend changing your work venue. If you're like most you might have been doing your home office for a long time, and I find that I get tremendous energy from just changing the environment periodically. Give it a try if you haven't done so recently.


APHORISM

"They laugh at me because I'm different; I laugh at them because they're all the same."

— Kurt Cobain