UL NO. 418: DEFCON Moves, AnyCloudDesk, Ransomware Learnings, My Top AI Projects
My favorite 2 AI projects, US spending habits, and your security program is sh*t…
Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.
Hey there,
Big things I’m thinking about this week:
Getting to hang with my friends and plan career and life trajectories this week! Cannot wait!
More time with Apple Vision Pro
I’m creating a second product (more to come on that)
The first big product is coming along REALLY well
Fabric is going crazy. Lots of interest.
I hope you have a great week!
Let’s get into it…
MY WORK
🥽My First Impressions of the Apple Vision Pro MORE
How (Specifically) AI Will 100x Human Creativity and Output MORE
👉The Fabric Project on Github is blowing up! I put a couple of hours of work this weekend into the quality of the README.md and documentation (and a demo video), and I’d love it if you could head over and give us a ⭐️. STAR US
SECURITY
DEFCON is moving to the Las Vegas Convention Center this year. Caesars canceled their contract, with speculation being that it had to do with the MGM hack. Can’t wait to see what they do with the bigger space! MORE
AnyDesk got hacked real bad. Another piece of tech I’d not heard much about until I found out everyone uses it. MORE
Sponsor
Enhance Enterprise Security: Trust Every Device with Kolide!
When you go through airport security, there's one line where the TSA agent checks your ID, and another line where a machine scans your bag. The same thing happens in enterprise security, but instead of passengers and luggage, it's end users and their devices.
These days, most companies are pretty good at the first part of the equation, where they check user identity. But user devices can roll right through authentication without getting inspected at all. In fact, 47% of companies allow unmanaged, untrusted devices to access their data. That means an employee can log in from a laptop that has its firewall turned off and hasn't been updated in six months. Or worse, that laptop might belong to a bad actor using employee credentials.
Kolide finally solves the device trust problem. Kolide ensures that no device can log into your Okta-protected apps unless it passes your security checks. Plus, you can use Kolide on devices without MDM, like your Linux fleet, contractor devices, and every BYOD phone and laptop in your company.
Visit kolide.com/unsupervisedlearning to watch a demo and see how it works.
Someone in finance paid out $25 million in a BEC scam because a deepfake video convinced them they were talking to real people. This is about to seriously make it more difficult to validate the person on the other end of the call. MORE
Cloudflare got hit by a suspected state-sponsored actor. The attackers exploited credentials stolen from the October 2023 Okta hack to infiltrate Cloudflare's internal systems on November 14, and the incident was revealed nine days later. MORE
The FBI says scammers are using couriers to swipe seniors' life savings by convincing them to buy precious metals. From May to December last year, victims lost over $55 million to these scams, with seniors being the prime targets. MORE
We’re learning from ransomware attacks. Only 29% of victims decided to pay in the last quarter of 2023, which is the lowest rate ever. It appears the big decrease from 85% in 2019 is mainly because people are more informed and ready, like having decent backups. MORE
💡I’ve always seen ransomware as a continuous global red team with dire consequences. It’s good to hear some good news on this front, with fewer people paying. That means the operation is working.
The Shadowserver Foundation found 45,000 Jenkins instances exposed online, which are vulnerable to a critical flaw that's being exploited in the wild. MORE
Bruce Schneier warns that AI could enable mass spying by analyzing the vast data that governments and companies already collect. He argues that while traditional spying requires human effort to interpret conversations, AI's ability to understand and process language will allow for spying on a scale previously unimaginable. This is exactly what this week’s essay is about. MORE
Nightshade has exploded with 250,000 downloads in just five days. It’s a tool to stop AI from copying art. I personally don’t get it. This type of thing won’t stop AI from happening, or AI from incorporating human art. It’s a flash-reaction, sourced in fear, to something inevitable. There are bad parts of that inevitability, but our time is better spent trying to address those rather than looking for ways to stop this from happening. MORE
The FCC is looking to outlaw AI-generated robocalls, especially those using voice cloning tech like the recent incident where a deepfake was used to attempt voter suppression in New Hampshire. MORE
Vulnerabilities
⚠️ SCHNEIDER RANSOMWARE — Schneider Electric's Sustainability Business hit by Cactus ransomware, terabytes of data stolen. | SEVERITY: HIGH | RESPONSE: Company is performing remediation and containment, with no other divisions affected. MORE
🪳GITLAB FILE FLAW — GitLab patched a critical flaw allowing file overwrite during workspace creation. | CRITICAL | 9.9 | MORE
🪳 GLIBC FLAW ALERT — A new glibc flaw allows root access on major Linux distros. | CRITICAL | CVE-2023-6246. MORE
TECHNOLOGY
Neuralink has successfully implanted its first brain chip in a human. The device, aimed at enabling control of external devices through thought, was placed in a patient who is part of clinical trials targeting individuals with severe mobility impairments. I seriously hope it goes well. MORE
Meta is making tons of money again, and crushed tech stocks with a 25% revenue jump to over $40 billion. This growth outshone its projections and even hinted at a potential acceleration to 29% in the next quarter. He’s got so many great properties (FB, IG, etc.), and he’s off the metaverse thing and now onto AGI. They’re on fire right now. The good kind. MORE
China has approved over 40 AI models for public use in just six months. It’s part of a broader effort to compete with the U.S. in AI. It’s crazy how many advantages and disadvantages they have when it comes to tech. On the one hand, they can make immediate policy changes, but on the other hand, they’re afraid of their people becoming too free. MORE
The New York Times is looking to blend AI with traditional journalism. They're assembling a team led by Zach Seward to prototype AI and machine learning for reporting and presentation enhancements. Makes sense to me. Like, how could they not? MORE
John Deere is working with SpaceX to bring satellite internet to farmers. MORE
YouTube Music and YouTube Premium now have over 100 million subscribers worldwide. I am using YouTube more and more myself, and music is one of the main use cases. I mean, it’s getting so good that I wonder when Google will kill the project. MORE
Starlink is turning its satellites into mobile phone towers. They’re testing it now, and it’s working. Pretty impressive. I love this version of Elon. MORE
Zoom has an Apple Vision Pro app, and it lets people join as their Persona, which is like a cartoon avatar of themselves. Mine looks pretty bad, but unfortunately, it is pretty realistic. MORE
HUMANS
I am convinced that the 8 pillars of Mental & Physical Health are:
1) Sleep
2) (Sun)light
3) Exercise
4) Stress Management
5) Relationships (Incl. To Self)
6) Nutrients (Amt., Timing, Content)
7) Oral Health & Gut Microbiome
8) Spiritual Grounding
Additions? Subtractions?
— Andrew D. Huberman, Ph.D. (@hubermanlab)
11:45 PM • Feb 1, 2024
A recent Ipsos poll shows that 63% of employees making over $100,000 can work from home, compared to only 32% of those making under $50,000. I’d expect that gap to widen as you move up and down the scale. So, people making more than $250K, vs. people making $30K. The sad part is that freedom and luxury are what make people freer to be worth more. MORE
New data shows the bottom 80% of US households consistently spend more than they earn. The data comes from the Bureau of Economic Analysis' newly released Distribution of Personal Income Accounts, which for the first time provides a clear view into the spending habits of different income groupings over the past two decades. It turns out, only the top 20% of households are consistently putting money away. MORE
95% of container ships are now going around Africa's southern tip to avoid Houthi attacks in the Red Sea. The route change adds 10-14 days of travel, which has all sorts of implications. MORE
Conservative social media is circulating conspiracies that the NFL is rigging games to favor Taylor Swift and her boyfriend's team, all to boost President Biden's image before the election. MORE
IDEAS & ANALYSIS
Punished for Good Behavior
Not fully confirmed, but I heard a friend say that the reason Goldman Sachs got crushed by the Apple Card deal, and had to pull out, is because the Apple Card customers were paying on time! Which is horrible for banks. They make all their money on people being overburdened, overstretched, and paying late. Assuming it’s true, I’m so happy about this.
Apple is LifeOS
I write about this every few years, but with Vision Pro I think it’s time to mention it again. Apple is winning because they’re slowly and methodically building LifeOS. They’re building a massive ecosystem for enhancing everything in your life. And when they think about products, they think about how they work together. If you think about what tech will look like in 25 years, where your house works with your car, and your mobile device, and your contact lenses for AR/VR, and all your finances are integrated with everything. You can pay with a gesture. You can talk to your AI assistant and they can do everything for you. It’ll all be part of your basic tech ecosystem. Now imagine that being GMail and Fitbit. You can’t, really, because Google is throwing random stuff at a wall to see if it makes a lot of revenue. And if it doesn’t, they kill it. Apple is the only one thinking properly about, and executing on, the concept of a unified LifeOS. And that’s why they’re winning. And because of that, the government’s about to step in and ask them why everyone likes their stuff, and demand they get broken up. I wish they’d just tell the truth in court. “People are only using us because the alternatives are so bad. We’re the only people building LifeOS, so it’s no wonder that people come to us.”
NOTES
Much love to Jonathan Dunn (@xssdoctor) for creating the client for the Fabric project. We’ve got it in a pretty good state now, and the client and documentation are now live! MORE
I demand a show like Black Mirror, but for the POSITIVE possibilities.
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)
1:55 AM • Feb 5, 2024
DISCOVERY
Ok, here are two of the best projects in AI right now, along with Fabric, if I may say so myself… 😃
CrewAI — In my opinion, this is the best AI Agent framework out there. In other words, this, or something like it, is how we’re going to get to AGI. It just gets more powerful when you add better models. | by João Moura | MORE
Wishful Search — This project lets you throw random data of any kind into a bin, and then you can ask questions as if you spent days writing perfect SQL. It’s actual magic, and it’s not getting near enough attention. | by Hrishi Olickel | MORE
If you’re not watching these two projects, go fix that!
🧵 fabric — My open-source framework for augmenting humans with AI. The idea is to have granular AI solutions for all the different use cases we need to solve in real life. | by Daniel Miessler | MORE
🖥️ Plock — Stream outputs from an LLM or any script directly into your text editor, all in real-time and locally. | by jasonjmcghee | MORE
🔍 SigFinder — Quickly spot binaries signed to internal CAs/domains. MORE
🔬 MLX — A machine learning array framework optimized for Apple silicon. | by ml-explore | MORE
🔉Insanely Fast Whisper — It can transcribe 2.5 hours of audio in under 98 seconds using OpenAI's Whisper Large v3. | by Vaibhav Srivastav | MORE
🤖Attabit — An AI-powered news site. This is the future, folks. If you provide news rather than analysis/opinion that is much harder to copy, this is what you’re up against. | MORE
🤖Signals — Signals is a curated collection of links to major stories from around the web, enhanced by an AI tool named MISO ("multilingual insight search optimizer") that helps reporters efficiently find diverse stories in various languages. MORE
If you’re not using Perplexity yet, it’s worth playing with. Think: AI Google. MORE
I need one of these neck lamps for reading in bed without waking her up. MORE
Even intelligence agencies are overwhelmed by too much data. MORE
Apple's machine learning team introduced MLX, a new way to use AI apps, but optimized for Apple silicon. MORE
Your Security Program is Sh*t — A rant on how many security programs are shams where external consultants are valued over internal expertise. Talks about how cybersecurity is often sidelined until corporate mandates force action, leading to a superficial compliance process that prioritizes appearances over actual security. Pretty good piece. MORE
Vantage has launched a standalone Kubernetes cost-monitoring agent, slashing resource usage significantly. The new agent consumes up to 99% less vCPU and 97.9% less memory than previous solutions, streamlining Kubernetes cost monitoring by adhering to the Unix Philosophy of simplicity and efficiency. | by Vantage | MORE
Current Software Engineers Have No Deep Knowledge MORE
The Seven Laws of Pessimism MORE
One-shot Prompting Magic MORE
What if Christensen's disruption theory is outdated? The piece explores how recent examples like the iPhone and Tesla challenge Clayton Christensen's classic theory that cheaper, "good enough" products disrupt markets. | by Anshu Sharma | MORE
RECOMMENDATION OF THE WEEK
Schedule dedicated time to hang with your closest friends. It won’t always happen otherwise, and you need “belly showing time” to stay close.
It’s not real if it’s not on the calendar.
APHORISM OF THE WEEK
The world is changed by your example, not by your opinion.
—
Thank you for reading.
UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.
So if you know someone weird like us, please share it with them. 🫶
Yours,