Unsupervised Learning Newsletter NO. 335

EP. 335 | JUNE 13 2022

Greetings all,

So I think the Covid finally got me. Still testing negative but I expect that to change any moment. I've already started antivirals. The proximate cause was RSA, and pretty much everyone I know who went now has it. And we're all risk professionals! That tells you how much we needed to see our fellow humans.

Anyway, I hope you have a solid week. It'll likely be much better than mine.
— Daniel

SECURITY NEWS

The Follina Windows vulnerability is now being used to deliver many different types of malware. The flaw remains without an official patch and has been known for multiple years, but it just recently become well-known and widely exploited. More | Workaround

NSA has co-authored an advisory around the ways China has compromised US Telcom networks and providers in an attempt to gain access to communications. More | Report

China is offering up to $15,000 in cash, or a 'spiritual reward' for people who submit national security tips. The goal is to get the population to tell on itself for things related to foreign espionage and "hostile forces". Strong Stalin vibes. More

A number of US Navy documents have been released on the drone swarms that have been observed near Naval vessels in the recent past. The documents were attained via FOIA requests, and they include a significant number of images and a decent amount of analysis. There are multiple mentions of a "quadcopter" design, but for the incidents in the middle of international waters you have to wonder what type of range these things had. My personal bet on all of this, as a non-expert, is that it's mostly China being brazen. I don't know of too many other entities with the tech, the time, and the brazenness to do this type of work. More

An Austrian security researcher named Martin Herfurt found a way to exploit a 130-second window after a Tesla is unlocked via an NFT key to add their own key via Bluetooth. More | Video

China is one of the first nation-states to exploit the Confluence Server vulnerability, but it's not being used by multiple state-sponsored attacker groups. More

Companies:

• Security Week's Cybersecurity M&A Roundup More

TECHNOLOGY NEWS

Crypto continues to crash, along with the rest of the stock market. I wish I had some better analysis here, but nobody has any idea what's about to happen, and you should be cautious of anyone who claims to. I think the only thing I can say for sure is to get yourself into resilience mode. Not like bunker style, but like "potential for months of uncertainty" style. As far as specific investments, I'm mostly in Ethereum, and I'm staying in it because I think it'll survive long-term. But I have no earthly idea if it rebounds in weeks, months, or years. Meanwhile, a major crypto lender has frozen withdrawls. More

The question is A Google engineer named Blake Lemoine, who works for its Responsible AI group, has come out publicly saying that the AI he was testing is sentient. He came to this conclusion through conversations with the AI in which the AI talked about its point of view on the rights and ethics of robotics. Google has placed him on leave for violating his confidentiality agreement. It's an interesting case because it's not super surprising to have someone who's paid to be a watchdog for AI Responsibility to take things into their own hands when they see something. More

I'm running the iOS 16 beta and there are some really cool improvements. First, you can now edit and recall texts if you said the wrong thing or sent something to the wrong person. They also massively updated the lock screen, allowing you to put widgets on the screen and have different lock screens for different focus modes. There's also a new feature around automatic updates, which are quick updates that install automatically and don't require a reboot. And my favorite so far is haptics for the keyboard. So even if you have the sound off you still get feedback when you type, making it much more like a physical keyboard. More

Microsoft is winding down in Russia, laying off over 400 people. More

Meta is looking at Sheryl Sandberg's use of Facebook resources over several years. More

Salesforce is getting into the NFT space with its new NFT Cloud, which is a platform that makes it easier to get into the space by helping customers mint and sell their own NFT offerings. More


HUMAN NEWS

Britain is doing an experiment with a 4-day workweek, with thousands of workers participating. More

Microsoft is going to start including pay ranges in all of its job postings. More

US inflation hit 8.6% in May, which is the highest it's been since 1981. More

K-12 Workers have the highest burnout rate in the US. More


CONTENT, IDEAS & ANALYSIS

🔥 How Good is DALL·E at Creating NFT Artwork? — I used OpenAI's AI-powered image generation beta to create some NFT artwork, and it's scary good. More

Why Everyone Needs a Blog — My latest post explains why you should be blogging. I've done many of these, but this one is shorter and more to the point. More

Just Copy What Works — A crazy-simple idea on how to get the results of someone you look up to. More

Covid Risk Management — I'm amazed at what just happened at RSA (an annual security conference in San Francisco) with regard to Covid. I went. Many of my security friends went. And much of the industry went. I'm pretty sure I got Covid from there (still negative but I have all the symptoms), and I was very reluctant to go before I did. I went because I needed to. My friends were going. The industry was going. And after around three years of all of us being separated, combined with the existence of vaccines and antivirals, it just felt like the right time to take the risk. Even then, I still didn't go to the show floor. Or to any talks. And I spent the entire week being the only idiot in the room wearing a mask. I saw very few masks, and virtually none inside small spaces. Most people somehow decided the pandemic was over, or that the risk was worth it. Not sure which, but probably more the latter. And the mask didn't protect me, so the joke's on me I guess. Maybe I got less of a viral load though, who knows. Bottom line is that many people who judge risk for a living decided to go maskless in small rooms with tens, dozens, or hundreds of other people. And pretty much everyone I know who went is now testing positive. What does that say about us? I think the strongest thing it says is that we're over it. Not technically, but mentally. That's one possibility. The other is that our livelihood is based on being social, so we have to take that risk. I get all of that, but I'm still so surprised that so many of us made that choice, including myself. I mean I was close to calling this thing endemic and just relaxing my protections anyway. I've not been worried about getting it for weeks now; the only thing I am worried about is Long Covid, i.e., long-term disabilities related to cognitive ability or blood flow/neurology. So the plan was to hold out for a few more months while we learned more about that. Welp, so much for that. We're silly apes. Silly social apes.


NOTES

I finally migrated my site's database to Amazon RDS. Took long enough (been running the site since 1999). I was actually re-deploying via Terraform/Ansible and Amazon Linux 2 was having serious trouble installing a mariaDB / MySQL option that worked with PHP 7.4. I'm amazed this isn't a solved problem. Anyway, I just uploaded my latest backup to RDS and changed my hostname in wp-config.php and boom, it worked. It actually feels snappier I think, which is counterintuitive. It could be because I went with the Aurora option, which might have offset not being local. Anyway, happy to have another part of my stack in a modern state. I was thinking about moving the rest to Elastic Beanstalk, but I still like too much about having full control of the "front" end, etc. But I think as soon as I can find a more elegant solution, like Ghost perhaps, I'm going to move out of the old world of managing my own box. For this box, anyway. So yeah, let me know if the site feels faster or slower.

 

DISCOVERY

Avoiding B.A.D. Behaviour — The difficult relationships between nihilism, cybersecurity professionals, and Being A Dick behaviour. More

"the ai art thing is fake. i’m the guy who has to draw all the requests like the chess player inside the mechanical turk. you’re torturing me. i spend every waking hour drawing shit like “joe biden asuka wedding” and “donkey kong nuremberg trials” please stop. i need to sleep" More

You could have a thinking digital twin before the end of the decade. More

Examples of Barbell Strategies More

You can bypass paywalls by adding "12ft.io/" to the front of the URL. Allegedly. More

The difference between a million and a billion is counter-intuitively large. As an example, a million seconds is 12 days, and a billion seconds is 32 years. I had to look it up to confirm. That's bonkers.

iOS 16 lets you turn on haptics on your iPhone keyboard, separately from click sounds. Gamechanger for sure. Makes the whole experience more solid.

[ Attack Surface ] Purple Leaf S3 Bucket Scanner — Check bucket-level permissions to identify data exposure. More


RECOMMENDATION

Consider keeping some Paxlovid on hand for yourself and your family. The science is early, but it appears that a primary factor for getting Long Covid is how bad you get Covid, so having antivirals around to reduce impact is potentially a good protection. Again, nobody knows this for sure, but that's my take. You can get Paxlovid by talking to a doctor remotely and having them send a prescription to your local pharmacy. Took me like 90 minutes to have it in-hand. More


APHORISM

"If you’re thinking without writing, you only think you’re thinking."

— Leslie Lamport