Unsupervised Learning Newsletter NO. 340

SF Surveillance, APTs vs. Journalists, TikTok Changes…

🗞️ NO. 340 — STANDARD EDITION | JUL 18 2022

Happy Monday,

I hope you have a wonderful week. Let's get into it.
 

— Daniel

SECURITY NEWS

San Francisco Civilian Surveillance Access
San Francisco is trying to get access to private citizens' surveillance cameras, like their Ring cameras, doorbell cameras, etc. What's not super clear from the law, or the analysis so far, is whether they're asking for that access or requiring it. I'm pretty sure it's just asking for it, which makes it less draconian than people are making it out to be. Still, those cameras will see a lot, and it's smart to ask what they might see and what they might do with it. More

APTs Targeting and Posing as Journalists
Proofpoint says APT actors from China, North Korea, Iran, Turkey, and other countries are targeting and posing as journalists. They're going after email accounts, social media accounts, and even posing as journalists themselves to go after non-public information. More

TikTok Security Lead Out
TikTok's head of security, Roland Cloutier, is stepping down at the beginning of September. This comes as TikTok faces heavy scrutiny for how much data it has on Americans, combined with the fact that data is accessible by China. There are plans to move all US data to Oracle on US servers, but multiple whistleblowers have indicated that China can still see the US data. More

Sponsor

Benchmark Your Cloud Configuration in Minutes with JupiterOne


See how your configuration compares against CIS Foundations benchmarks in just a few clicks. Once your cloud provider is integrated with the JupiterOne platform, JupiterOne analyzes your configuration against CIS's foundational benchmarks, giving you greater understanding of how to improve your configuration and security posture.

Log4j Will Remain Endemic
The US DHS says Log4j will remain endemic for 10 years or more, meaning it will spread everywhere and resurface constantly. What that really means for organizations is that you have to keep scanning for it and keep patching it. More

New Virus in Tanzania
There's a new virus in Tanzania that's killed 3 out of the 12 people it's infected. Authorities are investigating it, but they say it's not Ebola or Marburg. That combined with BA.5 and the rise of Monkeypox has me rethinking the whole Vegas security conference thing. Not that I'm overly concerned about any one of them…it just seems like some prime staying-at-home time. More

Vulnerabilities

  • CRITICAL | Juniper issues multiple patches, and CISA has advised people to update. More

  • HIGH | SAP vulnerabilities in Business One. More

Companies

  • Bishop Fox raises $75 million to continue doing Offensive Security. More


TECHNOLOGY NEWS

TikTok Takes Over YouTube
Kids and teens are now watching more TikTok than YouTube. More


HUMAN NEWS

Hubble —> Webb
The Webb telescope images were released last week, and this website lets you compare images of the same objects from each telescope side by side. Thank you for your service, Hubble. More

988 for Mental Health
The US has a new mental health hotline that can be accessed by dialing 988. The service launched Saturday, and it's now renamed the Suicide and Crisis Lifeline, vs. Suicide Prevention Hotline. It runs 24/7. More

India Will Soon Pass China in Population
India will pass China in population in 2023, and already has 1.4 billion people. In fact there's a demographic disaster in China that not many know about. Much like other parts of the developed world, there are too many old people and not enough young people having kids. There are some new leaks/estimates coming out of China saying that in 2050 China will have only ~700 million people. More


CONTENT, IDEAS & ANALYSIS

✍🏼 So You Want to Start a Blog… [2019]
I recommend to everyone that they have a blog, and more people have come to me recently asking how to get started. If you're thinking about making the move, this is my best primer. More

✍🏼 Why Aspiring Influencers Should Build Their Brands on Their Own Domains [2020]
In that same vein, here is why you should do it on your own site, and not on one of the third-party blogging services. More

Do + Share
I love this article called Publishing Your Work Increases Your Luck. It talks about how you improve your chances of being discovered by 1) doing better work, and 2) talking about it. Highly intuitive, but I really do see it as that simple, and it's why I advocate to everyone I consult with to start a blog. It also reminds me of Don't Trust Your Gut, a book I just read that talks about what successful people have in common. It gave the great example of an artist who creates tons of art for decades vs. someone who constantly hustles to get their stuff in galleries. Turns out you have to hustle to get noticed. Same concept. From the article: "Whatever you’re excited about, be excited about it publicly. Whatever you’re curious about, be curious about it publicly." More | Book Summary (Members)
 

NOTES

I upgraded my home computer from a Mac Pro to Apple Silicon this week, going with an M1 Max system. It's night and day faster than my Mac Pro, which should beat it on paper, but the architecture upgrade of System on a Chip is just too much. This thing pops. Everything is nearly instantaneous and things that were taking me 10 minutes on my old system are taking me like 10 seconds now (although that one could be a settings difference). Absolutely love it. The M1 Max

I have a 5-foot version of the new Webb image of the Carina nebula on the way! It's going to be the main piece in my upstairs hallway. I downloaded the raw version that's like 170MB in size and ordered the metal print online from that. More

I'm getting excited for my upcoming talk on Vulnerability Management. I've shown a few close friends the content and they've had positive things to say. I have a second shorter talk in the works too, but Recon Village said they didn't want me to do it there because I talk about Project Discovery tools (because they also have a commercial product). Their loss. Pretty much everyone has a commercial product these days, and I am only talking about the open-source tools, not anything commercial. Oh well, I'll give the talk elsewhere and publish it on my own site. 🤷🏼‍♂️

 

DISCOVERY

The DALL-E Prompt Engineering Book
Using DALL-E well comes down to creating great prompts. This PDF is a deep dive into the topic, and it looks great too. More 

Freddie deBoer
I'm really enjoying the writing of this new guy I've found called Freddie deBoer. His writing is clear and courageous, and he's both a Marxist and anti-woke. All this combined turns his commentary to oxygen. More

MITRE ATT&CK for Kubernetes
The MITRE ATT&CK Matrix for Kubernetes is a knowledge base of techniques and tactics, indexed and broken down in detail, covering the exact steps and methods attackers use to infiltrate a Kubernetes cluster. More

A Collection of Razors by Sahil Bloom
A “razor” is a rule of thumb that simplifies decision-making. Here's a great set by my favorite Twitter Thread creator. More

How to Untangle Headphone Cables
"Shake and Pull Gently" is evidently the best algorithm. More

Dr. Becky
If you're into science, and specifically Astrophysics, you should follow Dr. Becky. I watched her reactions to the Webb images and it was absolutely wonderful. Been watching more of her stuff now too. I love seeing people excited by science! More

Amazon GuardDuty S3 AI
Amazon GuardDuty has incorporated new machine learning techniques that are highly effective at detecting anomalous access to data stored in Amazon Simple Storage Service (Amazon S3) buckets. More

The AIR2 Microclimate Helmet Mask
If you want to go all-in on the mask situation, here's a helmet with 4 HEPA filters and 2 fans. More

Mars Sunset
I have this Mars sunset as an art piece (metal print) on my wall. A sunset pic from another planet! More

FLO Masks
I just ordered two of these FLO masks, on recommendation from Lesley Carhart. More

Education Doesn't Work
Freddie deBoer's long-form argument that academic outcomes are largely set and immutable. More
 

⚙️ TECH | AutoRegex
A website that gives a prompt to GPT-3 and spits out a regex. More 

⚙️ RECON | IPInfo CLI
IPInfo is already awesome when used with curl, but it's even more awesome with a dedicated CLI. Note that this one install also includes grepip, prips, cidr2range, range2ip, and randip! More

⚙️ RECON | Affinis
Subdomain discovery via a Recurrent Neural Network (RNN). More

⚙️ RECON | Naabu
A very fast port scanner focused on CLI piping as part of a toolchain. More | by Project Discovery


RECOMMENDATION

Try to stay vigilant on the Covid front. BA.5 is bypassing both vaccines and previous infection, and most analysis says you get progressively worse long-term effects if you get it multiple times. I know it sucks, but try to remain cautious. Maybe consider getting a CO2 sensor to serve as a proxy for air quality and circulation. More


APHORISM

"Nothing is so dangerous as being too modern; one is apt to grow old-fashioned quite suddenly."

— Oscar Wilde