Skip to content

Insane Video Deepfakes, Devin Gets Slack Access, New Fabric Patterns, AI Application Interfaces, Let Grow, and more…

March 19, 2024   |   Read Online


Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.

TOC

  • MY WORK
  • SECURITY
  • TECHNOLOGY
  • HUMANS
  • IDEAS & ANALYSIS
  • NOTES
  • DISCOVERY
  • RECOMMENDATION OF THE WEEK
  • APHORISM OF THE WEEK

Hey there!

Added some really sick Patterns to Fabric this week!

  • ⚙️create_better_frame: Takes any type of input where someone is presenting, interpreting, or commenting on the world, and does two things: 1) it creates negative frames for seeing that content, and 2) offers more positive frames. Basically**,** it provides a positivity filter for any given input, should one choose to accept it. MORE

  • ⚙️create_academic_paper: Takes any bullet points, article, essay, or anything else you’ve written, and turns it into a LaTeX-formatted academic paper format! MORE

Also, for anyone with a git repo, summarize_git_changes is a great way to see and share updates on recent progress. MORE

bash
cd yourgitrepo
git log --pretty=format:"%h - %an, %ar : %s" --stat | head -n 500 | fabric -sp summarize_git_changes

Fabric’s latest updates

Also, Threshold (UL’s first commercial product) is imminent! Like I’m already in there and using it, and we’re making final tweaks now. It’ll launch in Preview, meaning there will be lots of changes in the next few weeks, but it will be useful from Day 1.

Can’t wait to share it. Hopefully this week and then in next week’s newsletter.

Ok, let’s get to it…

MY WORK

Personal AIs Will Mediate Everything

What happens to user-facing businesses when humans aren’t the things interacting with products?

danielmiessler.com/p/personal-ais-will-mediate-everything

A Conversation with Jason Meller of Kolide/1Password - Unsupervised Learning

In this sponsored conversation, I speak with Jason Meller. Jason is the founder of Kolide, which has just recently been acquired by 1Password. We discuss:

  • Kolide's acquisition by 1Password
  • The synergy between Kolide and 1Password
  • The challenge of password management
  • The concept of device trust and zero trust
  • The limitations of MDM solutions
  • Engaging end-users in security remediation
  • The philosophy behind Kolide's approach
  • The importance of human-friendly security solutions
  • Future plans for Kolide under 1Password
  • The potential for broader application of Kolide's technology

Jason and I see a lot of things the same, and I really enjoyed this conversation and think you will too.

omny.fm/shows/unsupervised-learning/a-conversation-with-jason-meller-of-kolide-1passwo

SECURITY

🚨This is a collection of full-video deepfakes that are seriously concerning. They’re generated by a commercial model, not like a government. MORE

💡We seriously need to build like a global Snopes platform. Like before the elections.

Idea: You get a bunch of Left people, Center people, and Right people and you build a platform that does like Snopes used to do with internet claims. It basically shows the content, and gives an analysis of why you should believe it, why you shouldn’t, and then a verdict. Plus you can have the platform be like a collection point for pro-con arguments, in super concise form. And yeah, it’ll use AI to do a lot of that collection and summarization.

Something like:


SITUATION: There’s a video of Obama saying it’s time for a pre-emptive strike against Mayanta.

ANALYSIS: The video is currently being analyzed by multiple experts. Here is what has been said so far:

  • Fox News Analysis: The video appears to be fake, created by _____. SOURCE
  • ONN Analysis: No evidence that the video is fake. SOURCE
  • CISA Analysis: This is a deepfake, read our analysis here. SOURCE
  • Breitbart: Obama has said similar things in the past so there’s no reason to disbelieve it. SOURCE

CURRENT CONCLUSION: Given the current evidence, we are ALMOST CERTAIN that this video is a deepfake, using Kent’s Words of Estimative Probability.

We need this service. And as Dan Kaminsky used to say, “We have the technology.”

The Left/Right cooperation won’t be perfect, of course, but it’ll be 1,000% better than nothing.

These deepfakes are too good for us not to have any trusted place for people to verify things.

There’s a supposed data leak of data on 71 million AT&T customers, but AT&T says it’s not from their systems. MORE

Someone built an AITM (Active In the Middle) attack tool using just 174 lines of code on Cloudflare Workers. It can supposedly fully bypass MFA on Microsoft accounts. MORE

Leaked documents reveal a Chinese hacking group's systematic attacks against 20 foreign governments and companies, including detailed operations and targets. MORE

Sponsor

🔍Enhance Enterprise Security: Ensure Device Trust and Protect Your Data!🔍

When you go through airport security, there's one line where the TSA agent checks your ID, and another line where a machine scans your bag. The same thing happens in enterprise security, but instead of passengers and luggage, it's end users and their devices.

These days, most companies are pretty good at the first part of the equation, where they check user identity. But user devices can roll right through authentication without getting inspected at all. In fact, 47% of companies allow unmanaged, untrusted devices to access their data. That means an employee can log in from a laptop that has its firewall turned off and hasn't been updated in six months. Or worse, that laptop might belong to a bad actor using employee credentials.

Kolide finally solves the device trust problem. Kolide ensures that no device can log into your Okta-protected apps unless it passes your security checks. Plus, you can use Kolide on devices without MDM, like your Linux fleet, contractor devices, and every BYOD phone and laptop in your company.

Visit kolide.com/unsupervisedlearning to watch a demo and see how it works.

Watch a Demo

SpaceX is contracted to build a spy satellite network for a US intelligence agency. Makes sense. I can’t think of a cheaper and more reliable way to get a lot of satellites into space. MORE

Rohan Pandey modified llama2 to un-redact an email from Elon to Illya. MORE

Burglars are starting to use Wi-Fi jammers to knock out security cameras, making it harder to track them down afterward. MORE

Sponsor

VIRTUAL OPEN SOURCE POWERED SECURITY CONFERENCE

Join us for Hardly Strictly Security: The Ultimate Open Source Cybersecurity Conference. Mark your calendars for April 25th. This free, virtual conference is for security engineers, red teamers, bug bounty hunters, security leaders, and anyone who wants to celebrate and continue to leverage the power of open source to make our world more secure.

hardlystrictlysecurity.io

Join Us!

A Chinese company's leaked documents reveal a massive global hacking campaign. MORE

Fortinet has disclosed a critical SQL injection flaw in FortiClientEMS that could let attackers run code on systems. MORE

👉 Continue reading online to avoid the email cutoff issue 👈

TECHNOLOGY

Steven Hao gave Devin access to his work stuff (questionable?), and it’s basically doing his job for him. Devin is even posting on Slack and asking questions, and using the responses to continue when he gets stuck. MORE

💡The amount of hate and hype towards Devin has been extraordinary. Definitely go check it out if you haven’t yet. It’s basically a code automation agent that does better than previous attempts.

Midjourney's new "Character Reference" feature finally lets you recreate the same AI character in different situations. Can’t wait to play more with this. MORE

Elon Musk open-sourced Grok, but not completely. They didn’t release any of the code required to train it. MORE

💡As I talked about before, I think we should only call a model “open source” if they release 1) the weights, 2) the data, and 3) the full training methodology—including code.

Covariant is launching RFM-1, aiming to bring ChatGPT-like capabilities to robots. This platform could revolutionize how robots understand and interact with the physical world, making them more adaptable and intelligent. MORE

💡AI is big. Robots are big. But the biggest is AI in robots.

Finland is rolling out a giant 'sand battery' to store heat in winter, showing 1 MW of power and a 100 MWh capacity. The technique uses excess electricity to warm sand and can meet a week's heat demand in winter with minimal energy loss. MORE

Nvidia's getting into humanoid robotics with its new AI platform, GR00T. The platform is designed to support a wide range of humanoid robots, including big names like Agility Robotics and Boston Dynamics, marking a significant push into the sector. Massively impressed with Nvidia right now. MORE

👉 Continue reading online to avoid the email cutoff issue 👈

HUMANS

Hong Kong is implementing a new, Beijing-driven stringent security law that goes after treason and other types of dissent. The penalties are harsh, with up to life in prison. Hong Kong continues to get phased out, with China phased in. MORE

Midjourney is blocking AI-generated images of Trump and Biden going into the 2024 election. MORE

The U.S. unexpectedly added 275,000 jobs in February, surpassing economist predictions. But the unemployment rate went up slightly, to 3.9%. MORE

A really good thread here on Hacker News about experienced programmers not being able to find jobs. OP and commenters have a theory for why it’s happening. MORE

Some schools in England are adopting super strict policies, inspired by the Michaela Community School's success, to improve student behavior and academic outcomes. These schools enforce rigid routines and discipline, believing it helps disadvantaged students succeed, despite criticism of the approach being oppressive. MORE

💡I’ve been expecting to see a lot more of this, actually. Not just for disadvantaged students—which I can see it being great for—but for everyone. Reminds me of all the Man camps going on where you learn survival and hunting and stuff.

I see this as a counter to life being good, basically. Life for most people is fairly easy in terms of not being in danger, having enough to eat, etc., and people want to build character.

It’s hard to build character when everything is easy. So we should expect to see a lot more of making things artificially hard—on purpose—to help strengthen ourselves.

Like Stoic Resilience Training (SRT) or something. I’m for it, as long as it doesn’t get too out of hand.

Young men and women are drifting apart politically, with women going way more Left, and men staying largely the same. MORE | MORE

John Barnett, a former Boeing whistleblower, was found dead amid a lawsuit against the company. He exposed safety issues, including a 25% failure rate in emergency oxygen systems. MORE

🚨Toronto Police suggest leaving car keys at the front door to dodge violent run-ins with car thieves. It's a bit like saying, "Take my car, not me." MORE

💡This is how you get Republicans elected, and eventually—if things aren’t fixed—far-right governments like we’re seeing all across Europe.

Liberals can’t let Conservatives be the only people who enforce laws and maintain security. Or they can, but there will be consequences.

“They voted for THAT guy? Wow, the voters are evil and stupid!” Maybe. But people also like feeling safe. As usual, the answer is a hybrid:

  1. Enforce laws strictly, largely as if criminals had a choice.
  2. Invest heavily in at-risk groups before they commit crimes, largely as if they don’t.

Recent Boeing incidents have sparked far-right conspiracy theories about diversity causing intentional failures. Some extremists claim these mishaps are part of a plot to undermine Western civilization and promote communism. MORE

💡Wut? If someone can explain that one to me I’d appreciate it.

Using tap water in a Neti Pot can be deadly due to potential brain-eating amoebas. It's safer to use distilled or sterilized water for sinus cleaning. MORE

💡I feel vindicated. I’ve been using only filtered (reverse osmosis) water for mine for years. The best treatment I’ve found (along with an allergy pill) by far.

This analysis claims to show that people used to consume more calories without gaining as much weight. MORE

Fentanyl poisoning has become the leading cause of death for Americans aged 18-45. MORE

Over 2,000 U.S. newspapers have closed since 2004. MORE

Car washes are popping up everywhere because they're surprisingly profitable. MORE

👉 Continue reading online to avoid the email cutoff issue 👈

IDEAS & ANALYSIS

I’ve had an absolute epiphany about politics, and really everything in the last couple of months. Specifically from the concept of Framing. I feel like it’s a model with extraordinary explanatory power, and I’ve not found anything it can’t explain. It’s becoming my primary Unified Theory. I’m prone to excitement though, so I’m going to let it sit for a while before I write another big piece about it.


Really interesting back and forth with Dino Dai Zovi about the cybersecurity “floor and ceiling”.

tw profile: ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️📚💡

ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️📚💡 @DanielMiessler

tw

Replying to @dinodaizovi

Security is always roughly as good as it should be. We know this because if it needed to be better, it would be.

Most home locks are pickable, and most hospitals are ransomware-able.

Each system has an acceptable level of security failure.

3:00 PM • Mar 17, 2024

10 Likes   3 Retweets   5 Replies

And further thinking made me expand on it here.

tw profile: ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️📚💡

ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️📚💡 @DanielMiessler

tw

Replying to @dinodaizovi

I don't think this is true on just multi-decade timelines. I think it's true on "an average day" timeline.

Think about how much we have of the following:

- Identity theft
- Account fraud
- Password reuse
- Companies constantly being hacked
- Ransomware
- Credential stuffing… twitter.com/i/web/status/1…

3:05 AM • Mar 18, 2024

0 Likes   0 Retweets   0 Replies**

And this is my piece from 2018 that I think captures the idea best.

Why Software Remains Insecure

My piece from 2018 on why software remains insecure after we’ve spent decades trying to solve the problem…

danielmiessler.com/p/the-reason-software-remains-insecure

Basically, I think security is subordinate to innovation and daily life in most situations, and that it falls to an absolute minimum as a result. And as a result, we should guard our mental health against thinking people are steering us wrong, or that we’re massively neglecting something that urgently must be fixed.

In short, if it were urgent we would know because it would get fixed immediately. And if it’s not fixed immediately, it’s not urgent.

This isn’t a statement about any objective rating of what matters, or what’s more secure or insecure (see Framing above).

Framing is Everything

We're seeing reality through drastically different lenses, and living in different worlds because of it.

danielmiessler.com/p/framing-is-everything

The only thing that matters is what people care about and worry about. And that’s why we can spend billions barely moving the needle on a thing that’s not that important, while completely ignoring worse risks that don’t inspire people to care.

NOTES

We had a banger UL meetup this month where a member shared their super tricked-out keyboard. It’s the exact type I’d been looking up already and trying hard not to get into. But he made such a compelling case that I’m now going down the rabbit hole. Send help. Also don’t click this link. MORE

I’m emotionally moved, and technically astounded, by the fact that Voyager 1 is a light day away from us. A LIGHT DAY. 24 hours at the speed of light, just to send and receive a signal. Oh, and the thing keeps like dying and then coming back online. What a hero.

DISCOVERY

🛡️ haktrails is a Golang client that makes querying SecurityTrails API data super easy. Especially useful for bug bounty hunters. | by hakluke | MORE

⚙️ Openapi-tui lets you interact with APIs defined in openapi spec right from your terminal. | by zaghaghi | MORE

I Stopped Loving Captain Kirk MORE

Solarpunk is the new Cyberpunk MORE

Steve Pavlina's "Do It Now”. Takes me back. One of the early influences on my approach to productivity. From 2005! MORE

Minimal Viable System. MORE

🔥Ben Kuhn shares Why and How to Blog. MORE

Which Skills Are Least Likely to Be Replaced by AI? MORE

Amanda Askell talks about why Claude 3’s system prompt is so good. MORE

Spreadsheets as Simulation Tools MORE

The Getty has released nearly 88,000 art images for anyone to use for free. MORE

RECOMMENDATION OF THE WEEK

Share Let Grow with people! Absolutely love this project!

It’s about teaching independence and resilience to kids.

Watch this (it’s 4 minutes).

YouTube video by Andrea Keith

When Kids Step Up : A Let Grow Film

tw profile: Jonathan Haidt

Jonathan Haidt @JonHaidt

tw

The most effective and most fun way to reduce anxiety in elementary and middle school students is the Let Grow Experience. Below is a 4 minute video about it, very moving. Parents: ask your kids' school to try it. It's free. Visit letgrow.org

youtube.com/watch?v=zrlhZZ…
When Kids Step Up : A Let Grow Film
Ortwein Elementary, a public school in Las Vegas, is doing the Let Grow Experience, a free curriculum that builds student and parent agency. The simple month...

12:01 PM • Mar 18, 2024

330 Likes   67 Retweets   8 Replies

Please share this with anyone you know who cares about raising healthy, independent kids.

APHORISM OF THE WEEK

I am not what happened to me. I am what I choose to become.

Carl Jung

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶

Share UL with someone like us…

Yours,