UL NO. 418: DEFCON Moves, AnyCloudDesk, Ransomware Learnings, My Top AI Projects

My favorite 2 AI projects, US spending habits, and your security program is sh*t…

Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.

Hey there,

Big things I’m thinking about this week:

  • Getting to hang with my friends and plan career and life trajectories this week! Cannot wait!

  • More time with Apple Vision Pro

  • I’m creating a second product (more to come on that)

  • The first big product is coming along REALLY well

  • Fabric is going crazy. Lots of interest.

I hope you have a great week!

Let’s get into it…

MY WORK

🥽My First Impressions of the Apple Vision Pro MORE

How (Specifically) AI Will 100x Human Creativity and Output MORE

The demo movie on the Fabric README.md

👉The Fabric Project on Github is blowing up! I put a couple of hours of work this weekend into the quality of the README.md and documentation (and a demo video), and I’d love it if you could head over and give us a ⭐️. STAR US

SECURITY

DEFCON is moving to the Las Vegas Convention Center this year. Caesars canceled their contract together, with speculation being that it had to do with the MGM hack. Can’t wait to see what they do with the bigger space! MORE

Anydesk got hacked real bad. Another piece of tech I’d not heard much about until I find out everyone uses it. MORE

Sponsor

Enhance Enterprise Security: Trust Every Device with Kolide!

When you go through airport security, there's one line where the TSA agent checks your ID, and another line where a machine scans your bag. The same thing happens in enterprise security, but instead of passengers and luggage, it's end users and their devices.

These days, most companies are pretty good at the first part of the equation, where they check user identity. But user devices can roll right through authentication without getting inspected at all. In fact, 47% of companies allow unmanaged, untrusted devices to access their data. That means an employee can log in from a laptop that has its firewall turned off and hasn't been updated in six months. Or worse, that laptop might belong to a bad actor using employee credentials.

Kolide finally solves the device trust problem. Kolide ensures that no device can log into your Okta-protected apps unless it passes your security checks. Plus, you can use Kolide on devices without MDM, like your Linux fleet, contractor devices, and every BYOD phone and laptop in your company.

Visit kolide.com/unsupervisedlearning to watch a demo and see how it works.

Someone in finance paid out $25 million in a BEC scam because a deepfake video convinced them they were talking to real people. This is about to seriously make it more difficult to validate the person on the other end of the call. MORE

Cloudflare got hit by a suspected state-sponsored actor. The attackers exploited credentials stolen from the October 2023 Okta hack to infiltrate Cloudflare's internal systems on November 14, revealing the incident nine days later. MORE

The FBI says scammers are using couriers to swipe seniors' life savings by convincing them to buy precious metals. From May to December last year, victims lost over $55 million to these scams, with seniors being the prime targets. MORE

We’re learning from ransomware attacks. Only 29% of victims decided to pay in the last quarter of 2023, which is the lowest rate ever. It appears the big decrease from 85% in 2019 is mainly because people are more informed and ready, like having decent backups. MORE

💡I’ve always seen ransomware as a continuous global red team with dire consequences. It’s good to hear some good news on this front, with fewer people paying. That means the operation is working.

The Shadowserver Foundation found 45,000 Jenkins instances exposed online, which are vulnerable to a critical flaw that's being exploited in the wild. MORE

Bruce Schneier warns that AI could enable mass spying by analyzing the vast data that governments and companies already collect. He argues that while traditional spying requires human effort to interpret conversations, AI's ability to understand and process language will allow for spying on a scale previously unimaginable. This is exactly what this week’s essay is about. MORE

Nightshade has exploded with 250,000 downloads in just five days. It’s a tool to stop AI from copying art. I personally don’t get it. This type of thing won’t stop AI from happening, or AI from incorporating human art. It’s a flash-reaction, sourced in fear, to something inevitable. There are bad parts of that inevitability, but our time is better spent trying to address those rather than looking for ways to stop this from happening. MORE

The FCC is looking to outlaw AI-generated robocalls, especially those using voice cloning tech like the recent incident where a deepfake was used to attempt voter suppression in New Hampshire. MORE

Vulnerabilities

⚠️ SCHNEIDER RANSOMWARE — Schneider Electric's Sustainability Business hit by Cactus ransomware, terabytes of data stolen. | SEVERITY: HIGH | RESPONSE: Company is performing remediation and containment, with no other divisions affected. MORE

🪳GITLAB FILE FLAW — GitLab patched a critical flaw allowing file overwrite during workspace creation. | CRITICAL | 9.9 | MORE

🪳 GLIBC FLAW ALERT — A new glibc flaw allows root access on major Linux distros. | CRITICAL | CVE-2023-6246. MORE

TECHNOLOGY

Neuralink has successfully implanted its first brain chip in a human. The device, aimed at enabling control of external devices through thought, was placed in a patient who is part of clinical trials targeting individuals with severe mobility impairments. I seriously hope it goes well. MORE

Meta is making tons of money again, and crushed tech stocks with a 25% revenue jump to over $40 billion. This growth outshone its projections and even hinted at a potential acceleration to 29% in the next quarter. He’s got so many great properties (FB, IG, etc.), and he’s off the metaverse thing and now onto AGI. They’re on fire right now. The good kind. MORE

China has approved over 40 AI models for public use in just six months. It’s part of a broader effort to compete with the U.S. in AI. It’s crazy how many advantages and disadvantages they have when it comes to tech. On the one hand, they can make immediate policy changes, but on the other hand, they’re afraid of their people becoming too free. MORE

The New York Times is looking to blend AI with traditional journalism. They're assembling a team led by Zach Seward to prototype AI and machine learning for reporting and presentation enhancements. Makes sense to me. Like, how could they not? MORE

John Deere is working with SpaceX to bring satellite internet to farmers. MORE

YouTube Music and YouTube Premium now have over 100 million subscribers worldwide. I am using YouTube more and more myself, and music is one of the main use cases. I mean, it’s getting so good that I wonder when Google will kill the project. MORE

Starlink is turning its satellites into mobile phone towers. They’re testing it now, and it’s working. Pretty impressive. I love this version of Elon. MORE

Zoom has an Apple Vision Pro app, and it lets people join as their Persona, which is like a cartoon avatar of themselves. Mine looks pretty bad, but unfortunately, it is pretty realistic. MORE

HUMANS

A recent Ipsos poll shows that 63% of employees making over $100,000 can work from home, compared to only 32% of those making under $50,000. I’d expect that gap to widen as you move up and down the scale. So, people making more than $250K, vs. people making $30K. The sad part is that freedom and luxury are what make people freer to be worth more. MORE

New data shows the bottom 80% of US households consistently spend more than they earn. The data comes from the Bureau of Economic Analysis' newly released Distribution of Personal Income Accounts, which for the first time provides a clear view into the spending habits of different income groupings over the past two decades. It turns out, only the top 20% of households are consistently putting money away. MORE

95% of container ships are now going around Africa's southern tip to avoid Houthi attacks in the Red Sea. The route change adds 10-14 days of travel, which has all sorts of implications. MORE

Conservative social media is circulating conspiracies that the NFL is rigging games to favor Taylor Swift and her boyfriend's team, all to boost President Biden's image before the election. MORE

IDEAS & ANALYSIS

Punished for Good Behavior
Not fully confirmed, but I heard a friend say that the reason Goldman Sachs got crushed by the Apple Card deal, and had to pull out, is because the Apple Card customers were paying on time! Which is horrible for banks. They make all their money on people being overburdened, overstretched, and paying late. Assuming it’s true, I’m so happy about this.

Apple is LifeOS
I write about this every few years, but with Vision Pro I think it’s time to mention it again. Apple is winning because they’re slowly and methodically building LifeOS. They’re building a massive ecosystem for enhancing everything in your life. And when they think about products, they think about how they work together. If you think about what tech will look like in 25 years, where your house works with your car, and your mobile device, and your contact lenses for AR/VR, and all your finances are integrated with everything. You can pay with a gesture. You can talk to your AI assistant and they can do everything for you. It’ll all be part of your basic tech ecosystem. Now imagine that being GMail and Fitbit. You can’t, really, because Google is throwing random stuff at a wall to see if it makes a lot of revenue. And if it doesn’t, they kill it. Apple is the only one thinking properly about, and executing on, the concept of a unified LifeOS. And that’s why they’re winning. And because of that, the government’s about to step in and ask them why everyone likes their stuff, and demand they get broken up. I wish they’d just tell the truth in court. “People are only using us because the alternatives are so bad. We’re the only people building LifeOS, so it’s no wonder that people come to us.”

NOTES

Much love to Jonathan Dunn (@xssdoctor) for creating the client for the Fabric project. We’ve got it in a pretty good state now, and the client and documentation are now live! MORE

DISCOVERY

Ok, here are two of the best projects in AI right now, along with Fabric, if I may say so myself… 😃

  1. CrewAI — In my opinion, this is the best AI Agent framework out there. In other words, this, or something like it, is how we’re going to get to AGI. It just gets more powerful when you add better models. | by João Moura | MORE

  2. Wishful Search — This project lets you throw random data of any kind into a bin, and then you can ask questions as if you spent days writing perfect SQL. It’s actual magic, and it’s not getting near enough attention. | by Hrishi Olickel | MORE

If you’re not watching these two projects, go fix that!

🧵 fabric — My open-source framework for augmenting humans with AI. The idea is to have granular AI solutions for all the different use cases we need to solve in real life. | by Daniel Miessler | MORE

🖥️ Plock — Stream outputs from an LLM or any script directly into your text editor, all in real-time and locally. | by jasonjmcghee | MORE

🔍 SigFinder — Quickly spot binaries signed to internal CAs/domains. MORE

🔧 Ruff v0.2.0 — A super-fast Python linter and formatter, now better. | by astral | MORE

🔬 MLX — A machine learning array framework optimized for Apple silicon. | by ml-explore | MORE

🔉Insanely Fast Whisper — It can transcribe 2.5 hours of audio in under 98 seconds using OpenAI's Whisper Large v3. | by Vaibhav Srivastav | MORE

🤖Attabit — An AI-powered news site. This is the future, folks. If you provide news rather than analysis/opinion that is much harder to copy, this is what you’re up against. | MORE

🤖Signals — Signals is a curated collection of links to major stories from around the web, enhanced by an AI tool named MISO ("multilingual insight search optimizer") that helps reporters efficiently find diverse stories in various languages. MORE

If you’re not using Perplexity yet, it’s worth playing with. Think: AI Google. MORE

I need one of these neck lamps for reading in bed without waking her up. MORE

Even intelligence agencies are overwhelmed by too much data. MORE

Apple's machine learning team introduced MLX, a new way to use AI apps, but optimized for Apple silicon. MORE

Your Security Program is Sh*t — A rant on how many security programs are shams where external consultants are valued over internal expertise. Talks about how cybersecurity is often sidelined until corporate mandates force action, leading to a superficial compliance process that prioritizes appearances over actual security. Pretty good piece. MORE

Vantage has launched a standalone Kubernetes cost-monitoring agent, slashing resource usage significantly. The new agent consumes up to 99% less vCPU and 97.9% less memory than previous solutions, streamlining Kubernetes cost monitoring by adhering to the Unix Philosophy of simplicity and efficiency. | by Vantage | MORE

Current Software Engineers Have No Deep Knowledge MORE

The Seven Laws of Pessimism MORE

One-shot Prompting Magic MORE

What if Christensen's disruption theory is outdated? The piece explores how recent examples like the iPhone and Tesla challenge Clayton Christensen's classic theory that cheaper, "good enough" products disrupt markets. | by Anshu Sharma | MORE

RECOMMENDATION OF THE WEEK

Schedule dedicated time to hang with your closest friends. It won’t always happen otherwise, and you need “belly showing time” to stay close.

It’s not real if it’s not on the calendar.

APHORISM OF THE WEEK

The world is changed by your example, not by your opinion.

Paulo Coelho

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 

Yours,