UL NO. 447: Sam Curry on Bug Bounty Careers, Slack Data Exfil, The Work Lie

SECURITY | AI | MEANING :: Unsupervised Learning is a stream of original ideas, story analysis, tooling, and mental models designed to help humans lead successful and meaningful lives in a world full of AI.

TOC

• NOTES

• MY WORK

• SECURITY

• AI / TECH

• HUMANS

• IDEAS

• DISCOVERY

• RECOMMENDATION OF THE WEEK

• APHORISM OF THE WEEK

NOTES

Ok, tons of content this week—super excited for this episode!

• Going all-text this time—callback to old-school

• Upcoming Speaking: Snyk’s conference in October, Cyberstorm in Switzerland in October, BlackHat in Rihyad in November

• The one AI tool you should be trying out from the last couple of weeks is CursorAI. Lots of people are switching to it from Copilot. The big feature seems to be an editor that understands your full codebase.

Ok, let’s go…

MY WORK

My new essay on why layoffs, hiring, the job market, and work in general just sucks right now. One of my top 20 essays ever. READ IT

The new way I explain AI—and specifically LLMs—to people. READ IT

SECURITY

CrowdStrike's 2024 Threat Hunting Report reveals that North Korean operatives, posing as job applicants, have infiltrated over 100 U.S.-based companies in sectors like aerospace, defense, retail, and tech. Not much coverage of Blue Friday. MORE

State-linked Chinese entities are using cloud services from Amazon and its rivals to access advanced U.S. chips and AI capabilities they can't get otherwise. MORE

Cisco has patched multiple vulnerabilities, including a high-severity bug (CVE-2024-20375) in its Unified Communications Manager products. This flaw, reported by the NSA, affects SIP call processing and can be exploited remotely to cause a denial-of-service condition. MORE

Two U.S. lawmakers are urging the Commerce Department to investigate cybersecurity risks associated with TP-Link routers, citing vulnerabilities and potential data sharing with the Chinese government. MORE

Quarkslab found a major backdoor in RFID cards made by Shanghai Fudan Microelectronics, one of China's top chip manufacturers. This backdoor allows for the instant cloning of contactless smart cards used globally to open office doors and hotel rooms. MORE

The AI Risk Repository now lists over 700 potential risks that advanced AI systems could pose, making it the most comprehensive source for understanding AI-related issues. MORE

Researchers found a way to exfiltrate data from Slack's AI by using indirect prompt injection. MORE

The U.S. Navy is rolling out Starlink on its warships to provide high-speed, reliable internet connections, significantly improving operational capabilities and crew morale. MORE

AI / TECH

Anthropic has published the system prompts for its latest AI models, including Claude 3 Opus, Claude 3.5 Sonnet, and Claude 3.5 Haiku. MORE

AGIBOT—a Chinese company—just unveiled a fleet of five advanced humanoid robots to compete directly with Tesla’s Optimus bot. These models, including the flagship Yuanzheng A2, are designed for tasks ranging from household chores to industrial operations and will start shipping by the end of 2024. I’ll be waiting for an American option. MORE

Speaking of that, Tesla is hiring people to train its Optimus humanoid robot by wearing motion capture suits and mimicking actions it will perform. The job, listed as “Data Collection Operator,” pays up to $48 per hour and involves walking for over seven hours a day while carrying up to 30 pounds and wearing a VR headset. MORE

Waymo is looking to launch a subscription service called "Waymo Teen" that would allow teenagers to hail robotaxis solo, with prices ranging from $150 to $250 per month for up to 16 rides. MORE

An AI scientist developed by the University of British Columbia, Oxford, and Sakana AI is creating its own machine learning experiments and running them autonomously. This is where most innovation will come from AI. Not just in implementing tasks, but in doing new research. I talked about it here. MORE

Victor Miller, a mayoral candidate in Wyoming’s capital city, has vowed to let his customized ChatGPT named Vic (Virtual Integrated Citizen) help run the local government if elected. MORE

Sean Ammirati, a professor at Carnegie Mellon, noticed a massive up-leveling of progress in his entrepreneurship class this year thanks to generative AI tools like ChatGPT, GitHub Copilot, and FlowiseAI. Students used these tools for marketing, coding, product development, and recruiting early customers, resulting in venture capitalists flocking to the campus. MORE

GM is cutting over 1,000 software engineers to streamline its software and services organization. Streamlining by cutting out 1,000 devs? The way I read this is “Start from scratch and only hire A’s from now on.” See: all of my other posts about companies only wanting Killer Cult Members from now on. MORE

Meta is using AI to streamline system reliability investigations with a new root cause analysis system. This system combines heuristic-based retrieval and large language model (LLM)-based ranking, achieving 42% accuracy in identifying root causes at the investigation's start. MORE

AI companies are shifting focus from creating god-like AI to building practical products. Gasp! This isn’t a bubble-pop; it’s just natural maturity of a thing that came out 13 minutes ago. People are still figuring this stuff out, and it’s still day 1 in terms of AI capabilities. MORE

Canada is slapping a 100% import tariff on China-made electric vehicles starting October 1, following similar moves by the US and EU. MORE

Former Google CEO Eric Schmidt predicts rapid advancements in AI, with the potential to create significant apps like TikTok competitors in minutes within the next few years. MORE

Anthropic Claude 3.5 can now create iCalendar files from images, and Greg's Ramblings shows how you can use this feature to generate calendar entries just by snapping a photo of a schedule or event flyer. MORE

AWS CEO Adam Selipsky predicts that within the next 24 months, most developers might not be coding anymore due to AI advancements. He emphasizes that the real skill will shift towards innovation and understanding customer needs rather than writing code. MORE

Chinese companies have ramped up their imports of chip production equipment, spending nearly $26 billion in the first seven months of the year. They need to equip 18 new fabs expected to start operations in 2024 and are seriously worried about export controls. MORE

HUMANS

Cisco is laying off 7% of its workforce, which is around 5,900 employees, as it pivots towards AI and cybersecurity. The company is investing $1 billion in tech startups like Cohere, Mistral, and Scale, and has partnered with Nvidia to develop AI infrastructure. MORE

McKinsey's new study reveals that business leaders are missing the mark on why employees are quitting. They say companies are focusing on transactional perks like compensation and flexibility, but employees are actually seeking meaning, belonging, holistic care, and appreciation at work. Couldn’t have been better timed with this week’s Work essay. MORE

Twenty-four brain samples collected in early 2024 measured on average about 0.5% plastic by weight. MORE

Gallup has released its 2023 Global Emotions report, which measures the world's emotional temperature through the Positive Experience Index and Negative Experience Index. The data comes from surveys conducted in 142 countries, using a mix of telephone, face-to-face, and some web surveys, with about 1,000 respondents per country. MORE

Nonsmokers who avoided the sun had a life expectancy similar to smokers who got the most sun, according to a study of nearly 30,000 Swedish women over 20 years. The research suggests that avoiding the sun is as risky as smoking. This is the type of thing that needs way more research, but damn. More sun for me, regardless. It’s a massive boost for me in the morning. MORE

Stanford researchers have found that blocking the kynurenine pathway in the brain can reverse the metabolic disruptions caused by Alzheimer’s disease, improving cognitive functions in mice. I’m starting to feel like we’re about to make massive progress on both Alzheimer’s and Cancer, and it’s making me want to invest in 2-3 of the top drug companies. MORE

Using air purifiers in two Helsinki daycare centers reduced kids' sick days by about 30%, according to preliminary findings from the E3 Pandemic Response study. The research, led by Enni Sanmark from HUS Helsinki University Hospital, aims to see if air purification can also cut down on stomach ailments. MORE

University of Missouri scientists have developed a liquid-based solution that removes over 98% of nanoplastics from water. It uses natural, water-repelling solvents to absorb plastic particles, which can then be easily separated and removed. I expect to see a lot of similar products soon. I feel like microplastics might be the new health scare. Not sure if that’s justified or not. Can’t wait for the Huberman episode. MORE

Eli Lilly's weight loss drug tirzepatide, found in Zepbound and Mounjaro, reduced the risk of developing Type 2 diabetes by 94% in obese or overweight adults with prediabetes, according to a long-term study. Dayum. 94%. MORE

Apple Podcasts is losing ground to YouTube and Spotify, with a recent study showing YouTube now leads in podcast consumption at 31%, followed by Spotify at 21%, and Apple Podcasts trailing at 12%. MORE

IDEAS

DISCOVERY

ffufai uses ffuf and AI to find more web hacking targets, by Joseph Thacker. MORE

gofuzz.py recursively looks at JavaScript files and finds endpoints that can be tested. MORE

analyze_interviewer_techniques is a new Fabric pattern that will capture the ‘je ne se quoi’ of a given interviewer. I’ve been using it on Dwarkesh and Tyler Cowen. MORE

harness is a quick tool I put together to test the efficacy of one prompt vs. another. It runs both against an input and then scores the output using a third, objective prompt that rates how well they followed the plot. MORE

State and time are the same thing — Hillel Wayne explores the concept that state and time are interchangeable. MORE

Don’t force yourself to become a bug bounty hunter, by Sam Curry. MORE

67 years of old Radio Shack catalogs have been scanned and are now available online. MORE

mdrss is a Go-based tool that converts markdown files to RSS feeds. You can write articles in a local folder, and it automatically formats them into an RSS-compliant XML file, handling publication dates and categories. MORE

No "Hello", No "Quick Call", and No Meetings Without an Agenda — This blog post highlights common remote work mistakes like starting conversations with "Hi" and waiting for a response, asking for "quick calls" without context, and scheduling meetings without agendas. 😡💪 MORE

Roger Penrose's book "The Emperor's New Mind" explores the relationship between the human mind and computers, arguing that human consciousness cannot be replicated by machines. MORE

A Collection of Free Public APIs That Are Tested Daily MORE

RECOMMENDATION OF THE WEEK

Take the time to read this week’s main essay—We’ve Been Lied To About Work.

But more than just reading it, think about what it means if I’m right. Think about what that means for you and your career, but also all the young people you know and care about.

I didn’t talk about it in that piece, but the solution is the transition to a Human 3.0 mindset, which—in this context—means taking the same skills that you’re good at and that you do for someone else, and doing that for yourself.

More help is coming from me on how exactly to do that, but start thinking about it now.

APHORISM OF THE WEEK