Skip to content

Unsupervised Learning NO. 394

Vegas Recap, CISA MS Alert, China/US AI Fight, Deceased Kid AI, Following vs. Leading…

Vegas Recap, CISA MS Alert, China/US AI Fight, Deceased Kid AI, Following vs. Leading…

Episode Image

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.

Hey there!

Back from Vegas finally. 14 days is too much Vegas.

2 talks and 3 panels this year, and that’s on a (light) year that I planned on saying no to most things. But I got away easy with only 5 things; my buddy Jason had 9!

And now the covid waiting game begins. The texts and posts reporting people being positive are starting to accumulate, including from events I attended, so I’m hoping I make it to like Friday without getting it myself.

Also, super interesting—make sure you test correctly__. A guy took 5 different tests and got vastly different results based on how he tested.

In the meantime, I hope you have a great week!

Signature

In this episode:

🎰 Back from Vegas: Event Recap
🔬 Covid Testing: Importance of Correct Method
🔥 Burnout and Addiction: Shared Root Cause
🪳 Vulnerabilities
🎩 Black Hat Highlights: Tool Releases
👥 Lapsus$ Tactics: Simple Techniques, Big Breaches
🤖 AI Cyber Challenge: DARPA's Call to Arms
🔒 Cybersecurity Standings: US vs China
🌐 Render's Cloudflare Issue: Network Errors
🔍 PromQL Guardrails: Code Scanning with Semgrep
🔭 Tool & Article Discovery
➡️ The Recommendation of the Week
🗣️ The Aphorism of the Week

MY WORK

Burnout and Addiction
Burnout and addiction may share a common root cause - a lack of fulfillment or a "meaning loop" in one's life. According to Johann Hari, addiction is a lack of a strong meaning loop that keeps you fulfilled, and burnout can occur when you're doing something that's not your true purpose. DANIELMIESSLER

🎙️ Subscribe to the Podcast
If you’re not getting the podcast yet, you should remedy that. It’s very close to the newsletter, but I often expand a bit on topics in the podcast version. Also, I’m about to pull a Lex Fridman and move the sponsors to the front so that there aren’t interruptions during the content. ADD UL TO YOUR CLIENT

📡 Connect via RSS
RSS is not dead. Not in our world anyway. You can follow all UL content with via the following RSS feed. ADD TO YOUR RSS READER

SECURITY NEWS

There were multiple vulnerabilities and incidents revealed during Blackhat/DEFCON week, although the news was a bit quieter than usual due to media coverage of other topics. Here are the highlights.

  • 🪳CISA Microsoft Alert — CISA has flagged a zero-day flaw affecting Microsoft's .NET and Visual Studio products, and it's already being exploited. The vulnerability, known as CVE-2023-38180, has a CVSS score of 7.5 and impacts various versions of Visual Studio and .NET. SECURITYWEEK
  • 🪳Sogou Keyboard Vulnerabilities — Sogou Keyboard's encryption has some serious holes that could expose your keypresses to network snoops. | Critical | CITIZENSLAB
  • 🪳Researchers Can Listen to Keystrokes over Zoom — This one is a bit early, but researchers are claiming they can learn what Zoom participants are typing with 93% accuracy. Insane! ARSTECHNICA

Black Hat Highlights
The 2023 Black Hat conference was pretty stacked this year. Notable releases included MELEE, a tool for detecting ransomware in MySQL instances, and CheckGPT, a tool designed to detect AI-generated email attacks. Check out a full writeup here. SECURITYWEEK

Lapsus$ Tactics
The Lapsus$ hacking group, known for breaching high-profile companies, used simple techniques like SIM swapping to gain access to internal networks. The group, mainly composed of teenagers, targeted companies like Microsoft, Cisco, and Nvidia, and even attempted to compromise accounts connected to FBI and Department of Defense personnel. BLEEPINGCOMPUTER

AI Cyber Challenge
DARPA is rallying computer scientists, AI experts, and software developers to join the AI Cyber Challenge (AIxCC), a 2-year competition aimed at finding and fixing vulnerabilities in crucial software. Leading AI companies like Anthropic, Google, OpenAI, and Microsoft are partnering with DARPA to provide their technology and expertise to challenge participants. OODALOOP

Sponsor

Struggling to implement Zero Trust with Okta alone?

You're not alone.

Device hygiene and telemetry signals are shallow, and users get stuck, blocked, and sent to IT if there's an issue.

Forced to manage company access through exemption lists, IT is buried under a mountain of support tickets, creating the IT bottleneck.

Kolide Device Trust integrates with Okta for real-time device posture beyond checkbox compliance. Instead of leaving the user blocked, it provides contextual instructions so that they can resolve the issue themselves.

It's Device Trust done right.

Watch our on-demand demo to learn more.

👉lp.kolide.co/demo👈

Watch the Demo

Cybersecurity Standings
The head of the National Security Agency, Gen. Paul Nakasone, confidently stated that the U.S. is not trailing behind China in terms of offensive cybersecurity and surveillance capabilities. He attributes this to the ongoing "hunt forward" operations that actively search for clandestine activity on U.S. and allied networks. NEXTGOV

PromQL Guardrails
Semgrep, a tool for finding bugs and enforcing code standards, now supports PromQL. This new feature allows for code scanning at ludicrous speed. HACKERNEWS

AI Tech Standoff
The US and China are in a race to develop the most powerful AI systems, causing a tense relationship as each country safeguards its resources. The Biden Administration's move to limit Chinese tech investments in semiconductors, quantum computing, and AI has sparked concerns from regulators in other countries, including the UK and EU. OODALOOP

TECHNOLOGY NEWS

AI Chip Rush
China's internet giants are on a $5bn shopping spree for Nvidia chips, all in the name of powering up their AI systems. The rush is driven by fears of new US export controls and a global GPU shortage, with companies like Baidu, ByteDance, Tencent, and Alibaba ordering about 100,000 A800 processors to be delivered this year and in 2024. OODALOOP

AI Voices for Deceased Kids
Some content creators are using AI to recreate the voices of deceased or missing children, narrating their own tragic stories. While some defend this as a new way to raise awareness, experts warn it risks spreading misinformation and offending victims' loved ones. OODALOOP

Vim's Future Plans
The Vim project is making some changes to continue its development, with new members joining the organization and a focus on bug fixes, security updates, and documentation improvements. There are plans for a Vim 9.1 maintenance release and a potential move to a more modern approach, similar to Neovim, but the team is still figuring out the best way to handle this transition. GOOGLE GROUPS

AI Remaking Cloud
Artificial intelligence is shaking up cloud computing, with companies like OpenAI and Databricks leading the charge by providing tools to build AI features. Forbes' latest Cloud 100 list shows AI's growing influence, with seven newcomers, including Anthropic, a ChatGPT rival, benefiting from the AI boom. OODALOOP

AI-Powered Antibody Discovery
LabGenius, a company based in South London, is using AI to speed up the process of engineering new medical antibodies. Their machine learning algorithm designs antibodies to target specific diseases, then automated robotic systems build and test them, all within six weeks. WIRED

X's Ad-Revenue Changes
Elon Musk's social network X, previously known as Twitter, is making it easier for creators to earn from their content. The platform has reduced the eligibility threshold for ad revenue sharing from 15 million to 5 million impressions within the last three months, and creators can now cash out with as little as $10. TECHCRUNCH

Wireless OLED TV
LG has launched the world's first "wireless" OLED TV, capable of transmitting 4K 120HZ video wirelessly via a "Zero Connect Box". The TV, currently available in South Korea, will be released globally later this year. ACQUIREMAG

Google's eSignature Support
Google is adding eSignature support to Docs and Drive, making it easier for users to request and sign documents without switching between different apps. The feature, currently in beta, has been in alpha testing for over a year and is expected to be available to Workspace individual subscribers in the coming weeks. THEVERGE

Video Chat Revolution
The hype around video chat apps seems to be over, with the actual experience of video chat being in its most boring state ever. Despite the rush of interest in video chat apps during the pandemic, the market is now largely run by tech giants and the pace of new and interesting features has slowed to practically nothing. THEVERGE

HUMAN NEWS

Telework Reduction Push
The White House is urging federal agencies to cut down on telework and remote work, favoring more in-person office time this fall. This move, described as "critical" to workplace culture and mission fulfillment, is a continuation of an initiative first announced in April. GOVEXEC

Return-to-Office Regrets
Cool story, but in one study 80% of bosses regret their initial decisions about returning to the office, wishing they had a better understanding of what their employees wanted. According to a study by Envoy, many companies feel they could have been more measured in their approach, rather than making bold decisions based on executives' opinions rather than employee data. CNBC

Bankman-Fried Jailed
FTX founder Sam Bankman-Fried is back in jail, this time for witness intimidation and jury tampering. The charges stem from his sharing of private notes from a key prosecution cooperator, his ex-girlfriend and former CEO of Alameda Research, Caroline Ellison. THEMESSENGER

Post-COVID Heart Issues
Doctors are grappling with how to help patients who have developed heart conditions after recovering from COVID-19. The virus has been found to cause significant damage to the heart, even in mild cases. CBSNEWS

UPS Driver Pay Boost
UPS drivers are set to average a whopping $170,000 in pay and benefits by the end of a five-year contract. How can they afford this? The deal, which covers around 340,000 workers, is currently in the middle of a ratification vote that ends on August 22. CNBC

Middle School Struggles
Life's tough for middle school students who aren't attractive or athletic, according to a study by Florida Atlantic University. The study found that these students become increasingly unpopular over the school year, leading to increased loneliness and alcohol misuse. FAU

NOTES

We had the most epic live UL meetup in Vegas! It was a bunch of tables put together, which we ended up adding one to about halfway through. Conversation was great. People got to know each other more. And it was just wonderful to put faces and voices to names. Check UL Discord to see the group photo!

I did 5 different events for BH/DC this year. It actually felt pretty light compared to heavy years. Maybe because I stayed away from both cons for the most part due to concern about getting sick. Will probably get sick anyway though. 🤷

I learned recently, after decades of believing the opposite, that brand-name drugs actually are better. Unfortunately I can’t remember if it was Huberman or Attia, but it was a VERY reputable source. The TLDR is that generic drugs are sometimes identical in quality to brand-name and sometimes WAY worse, depending on where they’re sourced from. Whereas brand-name versions are always sourced from the top-tier providers. Wow.

If you like the format of the vulnerabilities update you can thank Michael from the community for that. He mentioned missing always having a vulnerabilities section, and I’d been thinking about a more narrative style intro to that section for a while. So this week is the first version of it. It should be quite good within a few weeks.

IDEAS & ANALYSIS

What to Build as a Founder
People often ask: “How do you know what to build as a founder?” I can explain: “Build the stuff that you wish existed.” This is related to Martin Scorsese’s quote, “The most personal is the most creative.” Create businesses around the services that you yourself need. X (I can’t believe I’m really typing that instead of TWITTER)

RTO = RIF
RTO is a sneaky way of doing a RIF. They just give exceptions to the super-talented and start from scratch with the few people who move. X

DISCOVERY

⚒️ Llama 2 Powered By ONNX — Microsoft has released an optimized version of the Llama 2 model, a collection of pretrained and fine-tuned generative text models, that runs on ONNX. It's designed for developers to use, modify, and redistribute under the Llama Community License Agreement. | by Microsoft | GITHUB

InfoSec Resume Tips — Reddit user fabledparable shared some extended resume writing guidance for InfoSec professionals. The advice, posted on r/netsec, includes tips on how to make your resume stand out in the cybersecurity field. REDDIT

Jobs' Interview Technique — Steve Jobs had a unique approach to job interviews, preferring to take potential hires out for a walk and a beer, rather than sticking to formal office interviews. This unconventional method was aimed at breaking the trend of scripted responses and getting to know the person better, while still looking for the 'A-Players'. JOE

Therapy Culture's Impact — David Brooks argues that therapy culture seems to be making us less mature and resilient. He argues that the focus on trauma and mental health has led to an epidemic of immaturity, referencing works like "The Culture of Narcissism" and "The Coddling of the American Mind". Similar to a recent post of mine. NYTIMES

Generative Agents — The research team behind "Generative Agents: Interactive Simulacra of Human Behavior" has released their core simulation module for generative agents on GitHub. The module simulates believable human behaviors in a game environment and comes with detailed instructions for setting up the simulation environment and replaying the simulation as a demo animation. GITHUB

Q&A System Evaluation — LangChain has added a new tutorial to their LangSmith Cookbook, focusing on how to measure the correctness of a question-answering system. TWITTER

Vim Boss — This post pays tribute to Bram, the creator of Vim, highlighting his principles, modesty, and the deep value he provided to the universe. The author, Justin M. Keyes, emphasizes that Neovim, a derivative of Vim, continues Bram's legacy in terms of maintenance, documentation, extensibility, and embedding. NEOVIM

Self-Education Through Reading — The author shares his unique approach to self-education through a lifetime of reading, emphasizing the importance of discipline, consistency, and mental focus. He details his strategies, such as reading challenging books for mind-expansion, reading slowly to deeply understand the content, and keeping track of his reading progress. HONEST-BROKER

iOS 17 Features — The author of this 9to5Mac article shares his favorite iOS 17 features, including the improved autocorrect, multiple timers, and the ability to transcribe voice messages in iMessage. He also mentions some features that are yet to work perfectly, such as the Personal Voice and Live Voicemail. 9TO5MAC

Yes, AI is Creative
If humans can’t tell the difference between human and AI creativity, then AI has creativity. The only way to get out of that pickle is to define creativity as something only humans can do, which is cheating. HT: Joseph. ONEUSEFULTHING

RECOMMENDATION OF THE WEEK

When you do covid tests, make sure you’re testing like this. I’d do it even if it was some random guy saying so (because it makes logical sense), but the source is a doctor with tons of legit bona fides.

TL;DR: Swab the back of the throat, roof of mouth, cheeks, AND deep in the nose. Results are often massively different, as he shows.

APHORISM OF THE WEEK

We don't see things as they are, we see them as we are.

Anaïs Nin

We’ll see you next time,

Signature