UL NO. 447: Sam Curry on Bug Bounty Careers, Slack Data Exfil, The Work Lie
Stopping Chinese AI/Robot imports, Substrate for political platforms, sun vs. smoking, and more...
SECURITY | AI | MEANING :: Unsupervised Learning is a stream of original ideas, story analysis, tooling, and mental models designed to help humans lead successful and meaningful lives in a world full of AI.
NOTES
Ok, tons of content this week—super excited for this episode!
Going all-text this time—callback to old-school
Upcoming Speaking: Snyk’s conference in October, Cyberstorm in Switzerland in October, BlackHat in Riyadh in November
The one AI tool you should be trying out from the last couple of weeks is CursorAI. Lots of people are switching to it from Copilot. The big feature seems to be an editor that understands your full codebase.
Ok, let’s go…
MY WORK
My new essay on why layoffs, hiring, the job market, and work in general just sucks right now. One of my top 20 essays ever. READ IT
The new way I explain AI—and specifically LLMs—to people. READ IT
SECURITY
CrowdStrike's 2024 Threat Hunting Report reveals that North Korean operatives, posing as job applicants, have infiltrated over 100 U.S.-based companies in sectors like aerospace, defense, retail, and tech. Not much coverage of Blue Friday. MORE
State-linked Chinese entities are using cloud services from Amazon and its rivals to access advanced U.S. chips and AI capabilities they can't get otherwise. MORE
Cisco has patched multiple vulnerabilities, including a high-severity bug (CVE-2024-20375) in its Unified Communications Manager products. This flaw, reported by the NSA, affects SIP call processing and can be exploited remotely to cause a denial-of-service condition. MORE
Sponsor
Is Foreign Software Running in Your Environment?
Shadow I.T., foreign software, and even unpatched vulnerabilities could be lurking in your corporate mandated devices. To resolve this, ThreatLocker® is offering free I.T. security health reports to organizations looking to harden their environment and mitigate the risks of potential nation-state attacks, all on a single pane of glass.
ThreatLocker’s free report audits what is occurring in your environment, including:
Information about executables, scripts, and libraries.
Files that have been accessed, changed, or deleted.
All network activity, including source and destination IP addresses, port numbers, users, and processes.
Identify and prevent installed software from communicating with entities in Russia, China, or other threat actors.
Two U.S. lawmakers are urging the Commerce Department to investigate cybersecurity risks associated with TP-Link routers, citing vulnerabilities and potential data sharing with the Chinese government. MORE
Quarkslab found a major backdoor in RFID cards made by Shanghai Fudan Microelectronics, one of China's top chip manufacturers. This backdoor allows for the instant cloning of contactless smart cards used globally to open office doors and hotel rooms. MORE
The AI Risk Repository now lists over 700 potential risks that advanced AI systems could pose, making it the most comprehensive source for understanding AI-related issues. MORE
Sponsor
13 Cybersecurity Tools. One Platform. Built for IT Teams
There are thousands of cybersecurity point solutions. Many of them are good—but managing more than a dozen tools, disparate reports, invoices, trainings, etc. is challenging for small IT teams.
We’ve built a platform that does assessments, testing, awareness training, and 24/7/365 managed security all in a single pane of glass. Because every company deserves robust cybersecurity.
Researchers found a way to exfiltrate data from Slack's AI by using indirect prompt injection. MORE
The U.S. Navy is rolling out Starlink on its warships to provide high-speed, reliable internet connections, significantly improving operational capabilities and crew morale. MORE
AI / TECH
Anthropic has published the system prompts for its latest AI models, including Claude 3 Opus, Claude 3.5 Sonnet, and Claude 3.5 Haiku. MORE
AGIBOT—a Chinese company—just unveiled a fleet of five advanced humanoid robots to compete directly with Tesla’s Optimus bot. These models, including the flagship Yuanzheng A2, are designed for tasks ranging from household chores to industrial operations and will start shipping by the end of 2024. I’ll be waiting for an American option. MORE
💡I am anti-Chinese-imports for both robotaxis and humanoid robots. The market is too big, China moves too fast, and we need to give American companies (Elon) time to compete.
I don’t like this take. I don’t like slowing pressure from the outside, and if it were India, or Ireland I’d be ok with applying that pressure. But not China. They’re too obviously a malicious actor to allow them to dominate these new markets.
Speaking of that, Tesla is hiring people to train its Optimus humanoid robot by wearing motion capture suits and mimicking actions it will perform. The job, listed as “Data Collection Operator,” pays up to $48 per hour and involves walking for over seven hours a day while carrying up to 30 pounds and wearing a VR headset. MORE
Waymo is looking to launch a subscription service called "Waymo Teen" that would allow teenagers to hail robotaxis solo, with prices ranging from $150 to $250 per month for up to 16 rides. MORE
An AI scientist developed by the University of British Columbia, Oxford, and Sakana AI is creating its own machine learning experiments and running them autonomously. This is where most innovation will come from AI. Not just in implementing tasks, but in doing new research. I talked about it here. MORE
Victor Miller, a mayoral candidate in Wyoming’s capital city, has vowed to let his customized ChatGPT named Vic (Virtual Integrated Citizen) help run the local government if elected. MORE
💡I’m working on how to articulate a political platform for any level of office using Substrate.
You basically define exactly what you want to do, and it branches out with all the Problems, Strategies, KPIs, etc., all in a single platform file that people’s AIs can evaluate and compare to their own beliefs and goals.
I think this is where leadership is heading. Transparent descriptions of vision, strategy, and outcome measurement.
Sean Ammirati, a professor at Carnegie Mellon, noticed a massive up-leveling of progress in his entrepreneurship class this year thanks to generative AI tools like ChatGPT, GitHub Copilot, and FlowiseAI. Students used these tools for marketing, coding, product development, and recruiting early customers, resulting in venture capitalists flocking to the campus. MORE
💡This is what I’ve been talking about with AI Augmentation. If you were competing with a 95/100 person before, because they went to CMU—well, now you’re competing with a 130/100 because they went to CMU AND they use AI for everything.
—
I read better articles because of AI
Therefore I get better ideas because of AI
Therefore I build better stuff because of AI
Etc.
And I do this all faster than was possible before
Upgrade or lose. Those are your options.
GM is cutting over 1,000 software engineers to streamline its software and services organization. Streamlining by cutting out 1,000 devs? The way I read this is “Start from scratch and only hire A’s from now on.” See: all of my other posts about companies only wanting Killer Cult Members from now on. MORE
Meta is using AI to streamline system reliability investigations with a new root cause analysis system. This system combines heuristic-based retrieval and large language model (LLM)-based ranking, achieving 42% accuracy in identifying root causes at the investigation's start. MORE
AI companies are shifting focus from creating god-like AI to building practical products. Gasp! This isn’t a bubble-pop; it’s just natural maturity of a thing that came out 13 minutes ago. People are still figuring this stuff out, and it’s still day 1 in terms of AI capabilities. MORE
Canada is slapping a 100% import tariff on China-made electric vehicles starting October 1, following similar moves by the US and EU. MORE
Former Google CEO Eric Schmidt predicts rapid advancements in AI, with the potential to create significant apps like TikTok competitors in minutes within the next few years. MORE
Anthropic Claude 3.5 can now create iCalendar files from images, and Greg's Ramblings shows how you can use this feature to generate calendar entries just by snapping a photo of a schedule or event flyer. MORE
AWS CEO Adam Selipsky predicts that within the next 24 months, most developers might not be coding anymore due to AI advancements. He emphasizes that the real skill will shift towards innovation and understanding customer needs rather than writing code. MORE
Chinese companies have ramped up their imports of chip production equipment, spending nearly $26 billion in the first seven months of the year. They need to equip 18 new fabs expected to start operations in 2024 and are seriously worried about export controls. MORE
HUMANS
Cisco is laying off 7% of its workforce, which is around 5,900 employees, as it pivots towards AI and cybersecurity. The company is investing $1 billion in tech startups like Cohere, Mistral, and Scale, and has partnered with Nvidia to develop AI infrastructure. MORE
McKinsey's new study reveals that business leaders are missing the mark on why employees are quitting. They say companies are focusing on transactional perks like compensation and flexibility, but employees are actually seeking meaning, belonging, holistic care, and appreciation at work. Couldn’t have been better timed with this week’s Work essay. MORE
Twenty-four brain samples collected in early 2024 measured on average about 0.5% plastic by weight. MORE
Gallup has released its 2023 Global Emotions report, which measures the world's emotional temperature through the Positive Experience Index and Negative Experience Index. The data comes from surveys conducted in 142 countries, using a mix of telephone, face-to-face, and some web surveys, with about 1,000 respondents per country. MORE
💡Exceedingly cool research and data and visualizations! MORE
Nonsmokers who avoided the sun had a life expectancy similar to smokers who got the most sun, according to a study of nearly 30,000 Swedish women over 20 years. The research suggests that avoiding the sun is as risky as smoking. This is the type of thing that needs way more research, but damn. More sun for me, regardless. It’s a massive boost for me in the morning. MORE
Stanford researchers have found that blocking the kynurenine pathway in the brain can reverse the metabolic disruptions caused by Alzheimer’s disease, improving cognitive functions in mice. I’m starting to feel like we’re about to make massive progress on both Alzheimer’s and Cancer, and it’s making me want to invest in 2-3 of the top drug companies. MORE
Using air purifiers in two Helsinki daycare centers reduced kids' sick days by about 30%, according to preliminary findings from the E3 Pandemic Response study. The research, led by Enni Sanmark from HUS Helsinki University Hospital, aims to see if air purification can also cut down on stomach ailments. MORE
University of Missouri scientists have developed a liquid-based solution that removes over 98% of nanoplastics from water. It uses natural, water-repelling solvents to absorb plastic particles, which can then be easily separated and removed. I expect to see a lot of similar products soon. I feel like microplastics might be the new health scare. Not sure if that’s justified or not. Can’t wait for the Huberman episode. MORE
Eli Lilly's weight loss drug tirzepatide, found in Zepbound and Mounjaro, reduced the risk of developing Type 2 diabetes by 94% in obese or overweight adults with prediabetes, according to a long-term study. Dayum. 94%. MORE
Apple Podcasts is losing ground to YouTube and Spotify, with a recent study showing YouTube now leads in podcast consumption at 31%, followed by Spotify at 21%, and Apple Podcasts trailing at 12%. MORE
IDEAS
Damn, just thought of a super cool use case for Fabric + Telos + Substrate.
1. Maintain a list of everything I've been REALLY wrong about. (Already working on this list)
2. Write a Fabric pattern that looks at that list and identifies key ways that I miss.
3. Recommend.
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ⚙️ (@DanielMiessler)
8:39 PM • Aug 22, 2024
DISCOVERY
ffufai uses ffuf and AI to find more web hacking targets, by Joseph Thacker. MORE
gofuzz.py recursively looks at JavaScript files and finds endpoints that can be tested. MORE
analyze_interviewer_techniques is a new Fabric pattern that will capture the ‘je ne sais quoi’ of a given interviewer. I’ve been using it on Dwarkesh and Tyler Cowen. MORE
harness is a quick tool I put together to test the efficacy of one prompt vs. another. It runs both against an input and then scores the output using a third, objective prompt that rates how well they followed the plot. MORE
State and time are the same thing — Hillel Wayne explores the concept that state and time are interchangeable. MORE
Don’t force yourself to become a bug bounty hunter, by Sam Curry. MORE
67 years of old Radio Shack catalogs have been scanned and are now available online. MORE
mdrss is a Go-based tool that converts markdown files to RSS feeds. You can write articles in a local folder, and it automatically formats them into an RSS-compliant XML file, handling publication dates and categories. MORE
No "Hello", No "Quick Call", and No Meetings Without an Agenda — This blog post highlights common remote work mistakes like starting conversations with "Hi" and waiting for a response, asking for "quick calls" without context, and scheduling meetings without agendas. 😡💪 MORE
Roger Penrose's book "The Emperor's New Mind" explores the relationship between the human mind and computers, arguing that human consciousness cannot be replicated by machines. MORE
A Collection of Free Public APIs That Are Tested Daily MORE
RECOMMENDATION OF THE WEEK
Take the time to read this week’s main essay—We’ve Been Lied To About Work.
But more than just reading it, think about what it means if I’m right. Think about what that means for you and your career, but also all the young people you know and care about.
I didn’t talk about it in that piece, but the solution is the transition to a Human 3.0 mindset, which—in this context—means taking the same skills that you’re good at and that you do for someone else, and doing that for yourself.
More help is coming from me on how exactly to do that, but start thinking about it now.
APHORISM OF THE WEEK
To fear love is to fear life, and those who fear life are already three parts dead.