- Unsupervised Learning
- Posts
- Unsupervised Learning Newsletter No. 286
MEMBER EDITION | No. 286 | Monday: June 21, 2021
SECURITY NEWS
Cybereason found in a study that 80% of companies that paid a ransom got hit again, and that 50% of those attacks came from the same threat actor. Lesson? Assume you're still completely compromised even after you pay and get decryption keys. And assume someone is coming back unless you take significant action. More
Google launched a new proposed solution to software supply chain attacks called SLSA (pronounced Salsa). It's a set of security guidelines that looks to provide end-to-end integrity of the software supply chain, and it has four levels: Level 1 requires that the build process be fully scripted/automated and that provenance is generated, and Level 4 requires a two-person review of all changes and a fully reproducible build process. I like that this exists, but I worry that few software organizations will be mature enough to use it in the short to mid-term. More
South Korea's Atomic Energy Research Institute (a think tank) says it was breached by North Korean attackers using a VPN vulnerability. They're currently evaluating the scope of the penetration and damage. More
Canon put AI cameras into its Chinese offices that only let in smiling workers. They said, apparently without irony, that they did it to improve morale. More
People in Texas are complaining that their energy companies are remotely accessing their smart thermostats to raise the temperatures in their homes during extremely hot days. It's evidently part of an agreement they signed, giving the companies the ability to save energy. That's a nope for me. More
Southwest has had to shutdown most of its operations, and ground hundreds of flights, due to multiple computer outages over two days. They said the outages were caused by weather data issues and network performance problems. More
Stripe has launched Stripe Identity, which lets you programmatically confirm the identity of users. I feel like a lot of identity startups just had a really bad week. More
Vulnerabilities:
Cisco issued updates for multiple products. More
Incidents:
CVS exposed 1.1 billion customers' data due to insecure cloud storage. More
A fertility clinic in Georgia disclosed a data breach after patient files were stolen during a ransomware attack. This is a reminder that ransomware can be an attack on confidentiality and integrity as well as availability. More
TECHNOLOGY NEWS
Spotify has purchased a podcast discovery service, Podz, to help bolster its podcasting play. Podz automates the processing of extracting key moments from podcasts. More
Many are upset with Google for performing or allowing a force-install of an Android-based COVID notification app in Massachusetts. Evidently the install happened silently and is hard to remove. More
It's Amazon Prime Day (June 21 and 22). More TVs Smart Home Gaming Work From Home
Starlink internet dishes go into thermal shutdown at 122 degrees Fahrenheit, and people with dishes in direct in hot areas are experiencing outages. More
Niantic, the creator of Pokémon Go, is making an AR Transformers game. More
Companies:
HUMAN NEWS
Science is pointing to the idea that it wouldn't actually take long for an alien race to populate the galaxy with sub-light travel. This is adding weight to the question of, "If they should be so plentiful, where are they?". Here's one idea, if our silly selves could come up with the Prime Directive in the 1960's, maybe they're just hiding from us.
Japan's government is looking to encourage companies to offer employees a 4-day work week, but experts disagree about whether it'll be accepted or net-positive. More
CONTENT, IDEAS & ANALYSIS
Reality and Meaning — My casual thoughts on the hierarchy of truth and meaning. More
NOTES
I'm hoping to have a new living situation soon, with more room. I've been operating in kind of a limited state/capacity for many years, and that might be coming to an end. More room. More artistic expression. More exercise. Drastically improved diet. I expect my creative output to exponentially improve compared to the last year or two, and I can't wait.
One or two more weeks of bad podcast audio. Apologies. It'll be fixed soon, one way or the other.
Ben Sadeghipour, aka NahamSec, interviewed me on his show on Sunday, and the conversation was fantastic. It went nearly two hours and didn't feel long at all. Really enjoyed the conversation—especially around the intersections of hacking and real life. Tweet Ben's YouTube Channel
Reading: I've finished Lifespan, by David Sinclair, and I'm currently reading the new Kahneman book, Noise. I'm also re-reading Speaker for The Dead, which is our book club book!
DISCOVERY
Modern Unix Tools — A collection of tools that replace standard UNIX/Linux options. I use a few of these and I think they're worth looking at. Particularly: lsd and ripgrep. More Ripgrep Release 13.0.0
Impaktek — A new newsletter that combines tech job openings. More
Eulogy.io — A GPT-3 powered eulogy generator. More
Future — A new essay site on the topic of the future, by a16z. More
Retrieving AWS Credentials from the CLI (Pentesting) More
Choosing Your North Star Metric More
RECOMMENDATIONS
Read this definition of Stoicism and do these 9 exercises to get started. It's a bit long, but it's a phenomenal intro to Stoicism's concepts if you're a newcomer. More
APHORISMS
“If it cost you your peace of mind, you overpaid.”
~ Rigel Dawson