UL NO. 448: TSA SQLi, NYT Github, NK NPM, NVIDIA Mystery...

Becoming Attention, Weighting on OpenAI, Ozempic and Aging?, and more...

SECURITY | AI | MEANING :: Unsupervised Learning is a stream of original ideas, story analysis, tooling, and mental models designed to help humans lead successful and meaningful lives in a world full of AI.

NOTES

Hey there!

Ok, few quick things…

  • 🎙️➡️Please resubscribe to the podcast. The podcast URL is updated and there’s a lot more content now each week! RESUBSCRIBE WITH YOUR FAVORITE CLIENT

  • My new favorite Fabric Pattern is one I just made called extract_primary_problem. It takes a text input, or a body of work, and gives a single sentence summarizing what that thinker believes is the biggest problem in the world. This one ran on this article.

    THE PATTERN

    From If Your World Isn’t Enchanted, You’re Not Paying Attention

  • I’m absolutely blown away that I can now take ANYTHING and send it in here, like Tolstoy, the Unabomber, Dr. Ruth—whoever! And it will encapsulate their work into a problem that needs to be solved. Which we can then put into Substrate.

  • My other recent favorite is create_story_explanation, which explains a really difficult piece of content, or body of work, in a flowing story style that’s much easier to follow. THE PATTERN

MY WORK

SECURITY

Researchers have discovered a SQL injection vulnerability in a critical air transport security system that could let unauthorized individuals bypass TSA security checks and access aircraft cockpits. MORE

The New York Times has revealed a significant breach involving GitHub tokens. Attackers exploited these tokens to gain unauthorized access to various repositories, potentially compromising sensitive data. MORE

Researchers from OpenAI, Microsoft, MIT, and Harvard have proposed "personhood credentials" to verify real humans online without revealing their identities. This system would require physical verification at trusted locations and use zero-knowledge proofs to confirm authenticity online. MORE

💡Really interesting project. So you have to validate who you are with a real address and such, but ZKP would protect that data during operations.

I love it, but we have to know the backend database will get hacked at some point too. Not sure how bad that would be relative to today, though, so probably still an upgrade.

Sponsor

Achieve scalable SaaS security while reducing spend

Learn how cloud-first org Stravito scaled their SaaS security program with Nudge Security while cutting SaaS spend and supporting rapid company growth, achieving these results:

Recorded Future has announced a new integration with Google Security Operations, enhancing both SIEM and SOAR components. This integration aims to drive greater automation in threat detection and response, enabling security teams to manage more threats efficiently and focus on strategic decision-making. MORE

North Korean hackers are back to targeting the npm code repository with malicious packages. Phylum, a cybersecurity firm, has identified renewed activity from groups like Contagious Interview and Moonstone Sleet, who are using npm to spread malware. MORE

US Army Special Forces showed their hacking skills during the Swift Response 24 military exercises in Sweden. They used a remote access device to hack into a building's Wi-Fi, disable security systems, and then stormed the building, leaving behind signal-jamming equipment and a laptop playing Rick Astley's "Never Gonna Give You Up." MORE

Chinese companies are planning to launch over 15,000 low-Earth-orbit satellites, which Mercedes Page from the Australian Strategic Policy Institute warns could enable countries using Chinese broadband services to control information flow, monitor user activity, and even shut down the internet during unrest. MORE

Las Vegas police are pushing back against a new NFL policy requiring officers working Raiders games to provide photos for facial recognition. The police union is concerned about the potential misuse of biometric data and the risk of officers being targeted. MORE

AI / TECH

Google has announced new variants of its Gemini 1.5 model, including the smaller Gemini 1.5 Flash-8B, an improved Gemini 1.5 Flash, and a stronger Gemini 1.5 Pro. OpenAI keeps making everyone weight (sorry) for their new model, or half-model, which appears to be something called Orion that uses their new Strawberry technology. MORE

California's AI regulation bill, SB 1047, has passed the state Senate with a 29-9 vote and is now heading to Gov. Gavin Newsom's desk. It’s a set of rules saying companies making models of a certain size must have certain safety measures in place. MORE

OpenAI is reportedly in talks to raise a new funding round at a valuation exceeding $100 billion, led by Thrive Capital, with Microsoft also expected to participate. NVIDIA and Apple have also been rumored. MORE

OpenAI has enhanced its Assistants API, making it easier for developers to fine-tune how AI assistants handle file searches. The new controls allow developers to adjust how agents select information and inspect search results, improving response accuracy. MORE

💡This is a much-needed upgrade. The features and ease-of-use of a RAG system are the difference between popularity and obscurity.

Companies like JPMorgan and Walmart are shifting from restricting generative AI tools like ChatGPT to developing their own internal AI assistants. Basically, they can’t pass it up, but also can’t risk using the cloud versions. MORE

Cisco is acquiring Robust Intelligence, a company that secures AI applications. I’m not close to the details, but from Cisco this feels desperate to me. Like, “We know we’re screwed, let’s do something AI before it’s too late.” MORE

Plaud.AI's new NotePin is a wearable version of its previous credit card form factor. I have one on order. MORE

Amazon is set to release a new version of its Alexa voice assistant in October, and it will be powered by Anthropic’s Claude AI models. MORE

Nearly half of Nvidia's revenue comes from just four mystery customers, each spending over $3 billion on AI chips like the H200. This heavy reliance on a few major clients raises concerns about the sustainability of Nvidia's rapid growth. Well, more than that, I’m just really curious who they are, and I’m surprised it’s not easier to find out. MORE

AnandTech is shutting down after 27 years of covering computing hardware. Really sad. They said Tom’s Hardware will carry their torch. MORE

China's 'Wukong' game just sold 10 million copies in three days. This is a massive hit and shows the growing influence of Chinese game developers in the global market. MORE

Huawei posted record profits in the first half of 2024, hitting $7.7 billion in net profit despite ongoing U.S. sanctions. Their revenue surged by 34.3% year-on-year to CNY 417.5 billion, driven mainly by a revival in their consumer business and rapid growth in Huawei Cloud. Imagine what they’d have done without the US headwinds. MORE

A woman in California used an Apple AirTag to track down her stolen mail, leading to the arrest of two suspects in Santa Maria. The suspects, Virginia Franchessca Lara and Donald Ashton Terry, were found with mail addressed to over a dozen people and are facing multiple felony charges. MORE

HUMANS

Anarchy in Sudan has led to the worst famine the world has seen in 40 years. The chaos has disrupted food supplies and aid, leaving millions on the brink of starvation. MORE

Nearly half of NYC bus riders skip paying the fare, causing significant revenue loss for the MTA, which is already under financial strain. 48% actually. Half? Wow. MORE

Researchers at the University of Kentucky have found that long COVID patients show brain changes similar to those seen in Alzheimer's disease. The study, published in Alzheimer's & Dementia, highlights shared issues like neuroinflammation and abnormal brain activity, suggesting common underlying mechanisms. MORE

Scientists have discovered that the interaction between two molecules, PKMzeta and KIBRA, is crucial for maintaining long-term memories. Blocking this interaction disrupts memory storage, highlighting the importance of their continual interaction rather than the molecules themselves. MORE

Ozempic, a drug for Type 2 diabetes and obesity, might also slow aging, according to new studies. Researchers found it could treat illnesses like heart failure, arthritis, Alzheimer's, and cancer, and even reduce death rates from cardiovascular issues and Covid-19. MORE

💡All this Ozempic news of it addressing more and more issues feels like it’s hitting something extremely fundamental, like inflammation—which has long been pointed at as a meta-cause or meta-symptom in lots of other diseases. I’m not saying it’s actually inflammation, just that it seems to be affecting something fundamental.

I mean, could that just be being thinner and having less visceral fat? Curious if any of you experts have opinions.

A CIA deep-cover operative, known as "Anthony Lagunas," spent years infiltrating Islamist extremist groups, even reaching Al Qaeda's broader network. Tragically, the psychological toll of his mission led to his death in 2016, raising questions about how the CIA supports its operatives' mental health. MORE

More people are going "no contact" with their parents, driven by a mix of personal growth and unresolved conflicts. MORE

DISCOVERY

wush — wush is a command line tool for transferring files and opening shells over a peer-to-peer Wireguard connection. It eliminates the need for relay servers for authentication, using Wireguard for secure and fast connections. The tool leverages Tailscale's tsnet package and public DERP relays, but no Tailscale account is required. MORE

firecrawl — Crawl sites using Claude or GPT and turn the output into LLM-ready Markdown. MORE

history4feed — Dogesec developed an open-source tool that creates a complete historical archive of full-text posts from any RSS or ATOM feed. The tool uses the Wayback Machine and readability-lxml to scrape and clean up blog content, making it easier for researchers to access comprehensive cyber threat intelligence. MORE

The Most Dangerous Email I’ve Ever Sent MORE

Ask HN: Who Wants to Be Hired? — A Hacker News thread for people looking for work. MORE

My buddy Clint Gibler did an EPIC post summarizing every AI talk from Blackhat and DEFCON 2024. MORE

Using GPT-4o for Web Scraping MORE

Three questions candidates can ask to invert the power dynamic in technical interviews. MORE

The Hatch Restore 2 is a smart alarm clock designed to mimic sunrises and sunsets to help you wake up more naturally. I’m close to getting one, but I’m stopped by a simple fact: I get natural light in my windows in my bedroom when the….um…..sun, comes up. But I wear an eye mask to sleep. So I feel like this would be the worst kind of over-engineering. Still kind of want one. MORE

IDEAS

Beware of Commodified Incuriosity
This piece looks at the concept of "commodified incuriosity," where the act of researching and thinking is replaced by a focus on efficiency and productivity. I think it’s a great way to look at things, and a reason to be cautious with the overuse of something like extract_wisdom. Basically, a big part of learning something is struggling with it. This is why AI tooling focused on learning should be used—in my current opinion—to help you find things to slow read. And then you think about it. And then you can use something like extract_wisdom to help you make sure you don’t miss things in notes, etc. But don’t think that anything other than future learning implants can substitute for the hard work of actual thinking and processing. MORE

Depression as a Hand on a Stove
This argument suggests that instead of trying to eliminate depression, we should see it as a signal to make life changes. I think that’s absolutely true, but there are some cases where it’s pure chemistry out of whack. And I don’t know the difference between those. MORE

Attention → Enchantment
The piece argues that being enchanted by the world comes from learning to pay attention to it. I feel like through learning to meditate (which is really just paying attention in my Sam Harris-based school), combined with music festivals, I’ve learned to truly appreciate small things in daily life. It’s made me a very happy person. I really feel like it’s a cheat to be able to extract this much joy from your neighbors, from seeing people going for a walk with their little kid, or from hearing distant children playing. This also relates to framing, but the attention piece is key. MORE

Rarity and Beauty
I often wonder how much of beauty is just rarity. There are lots of seagulls at the lake I visit often. I barely notice them, by default. But I actively try to look at them sometimes as if they’re rare. To trick my mind into noticing their beauty. Ralph Waldo Emerson has a quote, “If the stars should appear but one night every thousand years, how man would marvel and stare.” That’s really it, and I often think about how much beauty we have in our lives that we ignore because it’s either “common” or “omnipresent”. Or maybe those are the same in this context. I feel like the Stoics had it figured out when they taught the exercise of imagining your life without certain things. I try to do this, and it does help me appreciate them.

Two Bad Choices in November (Political, skip if you want)
I’ve heard for decades that “this election is between two bad choices”. I don’t know when people didn’t say that. I suppose maybe Ronald Reagan and Obama? Anyway, I really feel it this year. Personally. I cannot shake the feeling that Kamala is just a really bad candidate. Like, really bad. Like, vapid. And I see electing her as an extremely dangerous extension of the Far Left. The only thing I see as far worse is Trump V2. Trump is, in my opinion, an actual wannabe dictator, and his fans are actually looking for one. Scares the crap out of me. What’s interesting, though, is how different the dangers are. I think Kamala will further deteriorate the country through weakness, failure to address real problems, and harmfully addressing fake problems. And Trump will cause harm by creating chaos, disorder, and making the entire American system more cynical than it already is. A lot of people on the right think chaos is good, “cuz we need a shakeup”. Nah, not like this. Plus, the world will turn against us again, just like the first time. It’s just bad. But he will also do some good, just as Kamala will. It’s a mix, and a mess. I’m starting to think in terms of my recommendation of the week this week. Like my frustration is too much, and I feel helpless to assist. How about you?

RECOMMENDATION OF THE WEEK

Here’s a frame to try on: You become what you pay attention to.

It’s election year in a few places, including the US. The world is on fire. Politics are a mess everywhere. And it seems like the very fabric of Steven Pinker’s last couple of books has completely unraveled.

But maybe we have an option other than staring directly into the toilet. Maybe all the beauty in the world is still there. And maybe we can focus on that instead. Or at the very least—not on the toilet.

I’m not saying to be cowardly. If you’re one of the few people who can actually change lots of minds and help the world in some way, maybe you should serve time in the toilet that is our current situation. But that’s probably not the case. Most of us won’t be missed on those front lines.

So maybe instead we can use these few months to make a list of best poetry books. Or start a D&D campaign. Or to learn to play piano. Maybe we can focus our attention on the great stuff in the world that we always said we’d look at “later”.

Now is a pretty good time to do that. It’s a good time to fill our attention with that instead of the ugliness in the world. So we can become that goodness for someone else.

APHORISM OF THE WEEK

You become what you pay attention to, so be very careful what you pay attention to.