Unsupervised Learning Newsletter NO. 375
6 Post-GPT Phases, GitHub’s Private Key, New Assistant Interfaces
Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.
Happy Monday! I hope you're doing well,
I believe the explosion of intelligence we're currently seeing is not just a tech event, but a civilizational event. To me, it's the most disruptive thing to happen to humans—probably ever—and that's why I'm thinking and creating so much around it. I thought about changing the structure of the show to emphasize this, but I think the 'security, tech, and humans' vibe is still the right characterization.
Thanks for being part of this. Let's jump into the week!
GitHub Key Rotation
GitHub rotated its private RSA SSH key after it was ephemerally exposed in a public repository. This only applies to its RSA key; its ECDSA and Ed25519 keys were unaffected. The new key's fingerprint is SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s. MORE | KEYS
CISA Ransomware Warning System
CISA has created a new program that alerts critical infrastructure providers if they have vulnerabilities associated with ransomware campaigns. I absolutely love what CISA is doing right now. It's like they're a scrappy startup where most previous cybersecurity efforts in government were all Oracle. THE RVWP PROGRAM
Unpublished ChatGPT Plugins
My buddy Joseph Thacker found over 80 unpublished ChatGPT plugins by tinkering with the API. And he could not only view them but install them! He got with the security team and they fixed the issue very quickly. MORE | FOLLOW JOSEPH
ChatGPT Data Leak
ChatGPT had a situation last week where users were able to see chat histories and email addresses that didn't belong to them. OpenAI said in their post-mortem that the issue was caused by a bug in the open-source Redis client. MORE | OPENAI's POST-MORTEM
Get SOC 2 in Weeks Not Months
Let Secureframe unblock opportunities and accelerate your sales cycle without the need to invest in new resources or overburden your team.
From comprehensive compliance policy templates to over 150 integrations with your core technology services, the Secureframe platform significantly increases the speed with which organizations can confidently begin a SOC 2 audit, without increasing overhead or slowing your team down.
Schedule a personalized demo to let us show you how.
Zoom Paid $3.9 Million in Bounties
Zoom paid basically $4 million in bounties in 2022, which is a great number, but I always feel like the numbers are too low. Their total number with HackerOne since 2019 is over $7 million. They're also rolling out their own vulnerability reporting system, which they're calling VISS, which will rank bugs based on 13 aspects of their impact. MORE
Cisco Patches IOS
Cisco has published its semiannual (twice a year) IOS and IOS XE security advisory bundle. It includes 10 vulnerabilities, including six rated High. Three of them can be exploited to cause a DoS condition remotely. MORE
The Last of Us in Real Life
The CDC says there's a drug-resistant fungus running rampant at health care facilities, and they're calling it an 'urgent threat'. It's called Candida auris, and cases tripled from 2020 to 2021, totaling 4,041. It kills one in three patients by invading the blood, brain, and heart. MORE
You've Got Assets? We've Got Answers
JupiterOne collects more asset data than any other provider, and shows you the relationships between those assets in seconds. It's not just about connectors and data; it's about the types of questions you can ask to get the relevant answers for your security program.
We go beyond endpoints, IP addresses, users, and devices, and ingest data from CSPs, SaaS apps, code repos, IAM policies, security controls, vulnerability findings, and more. This enables you to ask questions like: "What internet-facing applications are running systems affected by log4j, and who owns those systems?"
It's not just about collecting your data. You have to be able to ask complex and real-world questions that help your security program.
ChatGPT Now Connects to the Internet
Only a week after releasing GPT-4, OpenAI connected ChatGPT to the internet. A lot of us knew this was coming, but I thought it would take months, if not over a year. Nope, they did it in a week. What's so extraordinary about it is they basically wrote a framework for replacing companies' entire businesses as plugins. Or at the very least, it turned them into APIs. Suddenly it becomes very important to return great results in your API, because that might soon be all people care about. MORE
Character.ai Enters the Chat
OpenAI has a new competitor called Character.ai that "offers AI chatbots that allow users to chat and role-play with, well, anyone — living or dead, real or imagined." That's compelling in a world full of loneliness and isolation. So you can talk to anyone from yourself, to Shakespeare, to Jean-Luc Picard. MORE | WEBSITE
Adobe Goes Generative
Adobe has entered the Generative AI space with its own offering called Firefly. It's early, but the ability to select objects and areas and have the model create iterations is quite awesome. You can also select an area and tell it to make something completely new using text. MORE
Bing Visits Up 16%
Bing is up 16% in visits and Google is down 1% through February. I'd expected a more drastic hit, honestly, but I suppose that'll take time. MORE
Altman Has No Stock in OpenAI
There are numerous reports now saying Sam Altman, the CEO of OpenAI, has no equity in the company. I guess that's easier to do when you've got a couple hundred million in the bank. Still cool, though. MORE | SEMAFOR ARTICLE
Tesla Penalizing Night Driving
Tesla owners appear to be getting penalized for driving at night. Tesla maintains a safety score on every driver, and one user reported that their score went down because they drove home from the airport at 3AM. I'm not sure how I feel about this actually, but I do find it interesting. Like, is it intrusive? Yes. Is it likely accurate? Probably. MORE
Over 40% of Americans Support Banning TikTok
In other news, Americans also support eating healthy. Do they do it? That's another matter. The biggest news last week on this front was seeing how bad it is for a democracy to have a country run by old people who know nothing about technology. MORE
South Korea Birth Rate
South Korea has the world's lowest fertility rate. Experts cite the rising cost of living, prioritizing work over starting a family, and a marriage rate decline of over 35%. MORE
IDEAS & ANALYSIS
How AI Will Replace Today's Degrees and Certifications
Instead of degrees for completing X number of courses, AI will perform long, multi-day interviews on the topic of your degree. FULL THREAD
3 Protections for Knowledge Workers
I think there are three things that will postpone knowledge work replacement by AI for a given person.
- Be an SME
- Create the AI Tech
- Be a Polymath Implementer
AI systems need data and wisdom to put into the models, and it's the SMEs that will be creating that for the foreseeable future. You'll also need people to continue making the AI tech itself. And finally you have the generalists who are good with people, good with finding the hidden problems, and good at using the AI tools to solve those issues. Ask yourself which of these you are, and which your loved ones are going to be if they're currently in school. FULL THREAD
Kurzweil is Looking Pretty Good Right Now
Kurzweil has said AI would reach human intelligence levels around 2029, and outpace us a billion-fold by 2045. People laughed at him for being way too early. Fewer people are laughing now, and there's a real chance that he will end up not being aggressive enough in his estimates. KURZWEIL'S PREDICTIONS
🔥 My best homie Jason Haddix has started his own newsletter! He'll be talking in a voice all his own on the topics of hacking and security leadership. I've already seen a draft of the first issue and I can say for sure it's going to be one of the best newsletters in our security space. Go sign up immediately! ANNOUNCEMENT | SIGN UP
I think I just decided not to drink at home. For me it's purely a social, friends, conference, and Vegas thing from now on. Huberman was my tipping point. FULL THREAD
I'm getting ready to launch my API platform in the next couple of weeks, with a big push happening for RSA. Can't wait!
I wrote my first mobile app using GPT-4 the other day. Took me like 30 minutes. It's a front-end to my APIs, and I can't believe I went from iOS development being too kludgy to mess with, to making an app in 30 minutes in just a few weeks. GPT-4 has magnified my creativity and productivity by many orders of magnitude.
⚒️ Nuclei OSINT — You can now look up all the platforms where a username exists using Project Discovery's Nuclei! MORE
⚒️ MacGPT — A menubar option for invoking ChatGPT on Mac. MORE | by JORDI BRUIN
📢 [Sponsor] — Does it take you weeks or months to get SOC 2 compliant? Speed up your sales cycle using over 150 integrations and comprehensive policy templates. Make the business happy by getting compliant without slowing down the team. LEARN MORE
The Secret History of Elon Musk, Sam Altman, and OpenAI MORE
Sam Altman on the Lex Fridman Podcast WATCH
How John Wick Changed Movies Through World-building MORE
Managers Exploit Loyal Workers Over Less Committed Colleagues MORE
📢 [Sponsor] — Can you answer complex questions about what assets you have, which are facing the internet, and who owns those systems so you can get them fixed if there's a new vulnerability? If not, you should look at JupiterOne. It's like a unified question-answering platform powered by your own assets. LEARN MORE
Someone hacked together a very early Her interface. MORE
The Age of AI Has Begun MORE
Here's another crazy AI interface that gives you awesome things to say in real-time conversation. MORE
Choose What to Dream Tonight MORE
Real-time AI Detection of Feelings in Video MORE
Natural Language APIs Are Coming MORE
A Dozen Things I've Learned from Charlie Munger About Moats MORE
RECOMMENDATION OF THE WEEK
All this AI stuff is exciting, but it's also depressing. Especially for those who like human-based, personal, and cozy communities. Don't worry. This is going to change things for the worse in many ways, but it'll improve things as well. And there will be many movements that push to put AI (and tech in general) in the background of human interactions. I'll likely be one of them. AI was going to come no matter what. It was only a question of when. It's up to us to find ways to use it to amplify our humanity rather than squelch it. We can do that. And we need your help—Tim.
APHORISM OF THE WEEK
"The future is not some place we are going, but one we are creating."