Unsupervised Learning Newsletter No. 277

News & Analysis

STANDARD EDITION | EP. 277  | April 19, 2021 

🔥 Frontview Mirror | 2021 Edition — The first edition of my new annual look at current trends, how they may intersect, and how we might adjust accordingly. If you've been thinking about signing up anyway, this is a great reason!

SECURITY NEWS

CISA, FBI, and NSA have released a list of five enterprise vulnerabilities that are being actively exploited by Russia's APT29 group. They affect Fortinet's FortiOS, the Zimbra Collaboration Suite, Pulse Secure VPNs, Citrix ADC gateways, and VMware Workspace ONE. More

The FBI got a court order to access—without authorization from the target—hundreds of organizations who'd been hacked with Exchange-related web shells. Their mission was to go in and clean them up in an attempt to prevent further access and damage. My take on this? I'm basically clapping from a distance with a worried look on my face. Like, I love the initiative, and I think we need more of the good guys to be proactive like this. But I'm a bit worried about the precedent of being ok with government organizations doing such things. The problem with emergency powers is that they seldom go away after the emergency. More
 
The US has sanctioned Russia and expelled 10 diplomats in response to the SolarWinds attack. More

Google is facing major opposition to its proposed replacement for third-party cookies. The new system is called FLoC (Federated Learning of Cohorts), and it works by—stay with me—reading your browser history, and then…hey, where did you go? That's kind of the problem, nobody is really reading past that part. It evidently has some decent privacy protections built in that try to anonymize the data, but those are hard to accept when you start by gazing at the most intimate part of someone's online life. Like you can't open a conversation about home privacy by saying, "We install bedroom cameras, but let me tell you about how well we secure them." They lost me at the intro. More

NERC, a non-profit regulatory authority the US and Canada use for electric energy reliability, says about 1/4 of the 1,500 electric utilities sharing data with it downloaded the SolarWinds malware. More

Norway has partnered with the US Military, allowing it to build in Norway. The move comes as both countries become increasingly worried about Russian aggression. More

China is producing top-quality TV shows that are actually propaganda. Imagine The Mandalorian, or Queen's Gambit, but it makes you love the government. Well, they pulled it off with a show called Mining Town. More

Vulnerabilities:

  • NSA found four new Exchange vulnerabilities, and Microsoft has released patches. More

  • Juniper has patched an RCE vulnerability that allows attackers to hijack the JunOS operating system. More

  • Adobe's released updates to RoboHelp, Bridge, Digital Editions, and Photoshop. More

  • Zerodium is temporarily offering $300,000 for high-impact WordPress vulnerabilities. More

Incidents:

  • Codecov (they do code quality analysis) got compromised by an attacker modifying their Bash Uploader functionality. You know, those code snippets that you're supposed to paste right into your shell? The ones that everyone is told not to do? Or that you need to review the code for first? Well, theirs actually got compromised. Code was added that stole data from anyone who executed it. Kudos to the security team for actually finding the hack, though. I don't think many would have found it as fast, if at all. More

  • Gay dating site Manhunt has been hacked, with thousands of accounts stolen. More


TECHNOLOGY NEWS

SpaceX won the $3 billion NASA contract to put humans on the moon. More

Citigroup Inc. says Bitcoin mining is consuming 66 times more energy than it did in late 2015. More

A new "whitest ever" paint has been developed that reflects back 98% of sunlight. It's being pitched as helpful against climate change. More

Cloudflare has made their Pages product generally available. It basically lets you connect a web project on GitHub to Cloudflare, so when you push to GitHub it updates the site on Cloudflare. So it's hosting plus development/deployment integration. More

After taking flak about the kinds of creators they were funding, Substack has announced they're putting $1 million into funding local journalists. More

Over 650 tech workers at the NYT have formed a union that includes software engineers, designers, data analysts, and product managers. They'll be represented by the NewsGuild of New York, which already represents over 1,300 New York Times employees in other parts of the company. More

The FCC looks like it's taking the robocall issue more seriously now. It's talking to cellular providers about their blocking tools, sending cease-and-desist letters, and is looking at how companies are implementing the TRACED Act. More

Logitech has killed off the Harmony unified remote control, and people are wondering what—if anything—is going to replace it. More

Companies

  • Microsoft has purchased Nuance, an AI company, for $16 billion to focus on healthcare technology. More

  • Dell is spinning out VMware. More

  • Squarespace has filed for a direct listing on the NYSE. More

  • Scale AI, a startup that helps companies label and curate data for AI applications, says they just raised $352 million and are now valued at $7.3 billion. More


HUMAN NEWS

Half of US adults have received at least one dose of a COVID vaccine. More

There are millions of job openings in the US while 17 million are still collecting unemployment. There appear to be multiple reasons for this, including people still being worried about COVID, and the fact that many of the open jobs pay the same or less than what people are getting from unemployment. More

The Western US might be entering its worst drought period in modern history. More

Nassim Taleb says Bitcoin failed as a currency and that it's now pure speculation. More

A new study has found 500 genes that link depression and anxiety. More

The EPA approved a private company releasing GMO-modified mosquitos into Florida. The technology is designed to combat dengue fever, Zika, and other mosquito-borne viruses, but there is pushback from the community. More

Reuters is switching to a pay model for a subset of its deeper analysis content. More

UFO sightings are getting seriously interesting, which is not a sentence I ever anticipated writing. I don't really follow the scene much, but it seems casually to me that the quality of the people/sources reporting legitimate UFOs (unexplained things, not actual aliens) is rising. This new footage taken by the US Navy is quite strange indeed. It's a bunch of triangle-looking objects acting very strangely. I personally think these are likely to be quite terrestrial, i.e., probably other US craft, or drones out of China/Russia. But I really do hope they're part of an alien Doomsday Defense Force, just hanging out to keep us from destroying ourselves. That'd be nice. More


CONTENT, IDEAS & ANALYSIS

A Dogecoin Primer — Dogecoin is blowing up right now. It was at six cents like two weeks ago, and now it's up between 25 and 50 cents. Here's some basic information on it just in case it comes up in conversation or you are thinking about spinning the wheel. More

Thinking About Different Types of Digital Value Exchange — Some thoughts on all this talk around cryptocurrencies, NFTs, micropayments, and how I think about them. More


NOTES

I'm currently reading Tegmark's Our Mathematical Universe. It's knowledge about the known universe that's many levels of depth further than I've heard any other place. More

I'm also reading our UL Book Club book of the month, which is The Island of Dr. Moreau. More

Next, I'm going to be deep-diving into a number of Matt Ridley titles, including re-reading The Red Queen, which is about evolution. More


DISCOVERY  

Malwarebytes — My go-to anti-malware tool on Windows and Mac. It's what I recommend to everyone, and have been for nearly a decade. And as a show supporter, they're offering us 25% off.

What I Wish I Knew About U2F and Other Hardware MFA Protocols More

How to Read a Watch Bezel More

A reporter at The Register says a British MP told him that Google GMail was more secure than Microsoft 365. That feels intuitively true to me, and I'm guessing most infosec people would agree. More

TIL Israel has sex surrogate therapy. Fascinating. I wonder how this affects their incidence of incels, and if something similar could work in the US? It can't because we're different. But what would you think about such a thing? At first thought, I think I'm pro. More

Why Most Nonfiction Fails to Make Money More

China is Betting That the US is in Irreversible Decline More

Use console.log() Like a Pro More

A Kubernetes pentesting methodology. More


RECOMMENDATIONS

If you hit the "/" key on your keyboard while on Google, you'll jump back to the search field. This is a Vim command, and it's very cool. One problem though: I never use the Google web page: I search from the URL bar. But if you use Google's site, this will be magical for you. More

High-quality audio evidently makes you sound smarter. So if you've been putting off a mic/production upgrade, maybe go ahead. More


APHORISMS


“Complete possession is proved only by giving. All you are unable to give possesses you.”

~ Andre Gide