
UL NO. 403: Signal Investigates Rumored Zero-Day Bug, AI Predicts New COVID-19 Strains, Dwindling US-China Scientific Collaboration…


Unsupervised Learning is a Security, AI, and Meaning-focused podcast
that looks at how best to thrive as humans in a post-AI world. It combines
original ideas, analysis, and mental models to bring not just the news, but
why it matters and how to respond.

 

Hey there,

Super excited about this X thread I just created about the ExtWis extraction of the convo between Neri Oxman and Lex
Fridman. X broke the thread so you have to read upwards instead of down, but
it’s worth the scroll!


I also woke up with a new joke in my head on Sunday:

“GenZ people should call perpetual liars ‘being stuck on CAPS LOCK’, because
everything they say is CAP.”

I hope you have a stellar week! Let’s get into it.


MY WORK

Extracted Wisdom Analysis of Marc Andreessen’s Techno-Optimist Essay
This just came out this morning, so I just read it and ran it through
ExtWis. It did a fantastic job I think!
READ IT

Extracted Wisdom from Oxman and Fridman’s Wonderful Conversation
My new X thread that covers the conversation between Lex Fridman and
Neri Oxman. Pretty sure this is the most inspiring conversation I’ve ever
witnessed in terms of insights and beauty per second.
READ IT

Extracted Wisdom: Sam Parr & David Perell Discuss Writing
A wisdom-dense conversation between David and Sam on effective copywriting,
crafting company vision, his reading habits, and tons more.
MEMBERS LINK | GET ACCESS

 

🎙️
Subscribe to the Podcast
I’ve moved podcast ads to the front of the podcast
so that you’ll no longer be interrupted once the content starts!
ADD UL TO YOUR CLIENT

📡 Connect via RSS
RSS is lyfe.
ADD UL TO YOUR RSS READER

   

📢 Winter 2023/Spring 2024 Sponsorship Window
We are now opening the window for new sponsors for Winter 2023/Spring
2024. If you would like to get your company seen by over 99,000 of the
smartest and most influential people in security and tech, you should
reach out to get on the calendar before the calendar is filled.

“We’ve had multiple new customers say they heard about us from
Unsupervised Learning, so we’ll absolutely be renewing.”

~ One Recent Sponsor

 EMAIL US AT [email protected]

   

SECURITY NEWS

Signal’s been chasing rumors about a supposed zero-day bug linked to
their ‘Generate Link Previews’ feature. The rumors have been spreading
quickly, with claims that the bug could allow a full takeover of devices.
But after digging into it, Signal says they’ve found no evidence that this
bug is real. I’d find a vuln like this in Signal especially annoying since
I have to update the client like 13 times a week.
MORE

The European Commission’s CSAM detection system works by matching images
on a user device against the fingerprints stored in a central database,
but the system can evidently be manipulated to trigger an alarm for
non-CSAM material as well.
MORE

The US Congress got a taste of Predator Spyware via the Vietnamese
government. The targets included representative Michael McCaul and senators
Chris Murphy, John Hoeven, and Gary Peters, as well as Asia-focused experts
at US think tanks and several journalists.
MORE

Vulnerabilities:

  • 🪳CISA, FBI, and MS-ISAC are urging admins to patch their Atlassian
    Confluence servers like yesterday, due to a critical privilege
    escalation flaw that’s being actively exploited.
    MORE

  • 🪳Microsoft’s October 2023 Patch Tuesday addressed 3 zero-days and 104
    other vulnerabilities.
    MORE

  • 🪳Two High-Risk Security Flaws in Curl Library — Two serious
    vulnerabilities have been found in the Curl data transfer library, one
    of which could lead to remote code execution. CVE-2023-38545 | CVSS
    Score: 7.5 |
    MORE | MORE | MORE | MORE

  • 🪳The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has
    flagged a high-severity flaw in Adobe Acrobat Reader that’s being
    actively exploited.
    MORE

  • 🪳 Magecart’s New Trick — Magecart is now hiding malicious code in
    websites’ 404 error pages to steal credit card info. | High |
    MORE

  • 🪳 Juniper Networks Patches Over 30 Vulnerabilities — Juniper Networks
    has patched more than 30 vulnerabilities in its Junos OS and Junos OS
    Evolved, including nine high-severity ones. | High | CVE-2023-44194 |
    8.4 |
    MORE

   

Sponsor

🔒☁️Cloudy Skies, Secure Horizons!☁️🔒

Cloud computing is revolutionizing businesses, but with great power comes
great responsibility. Security in the cloud era is a whole new ball game.
Gone are the days of total control over every security aspect. Now, the
cloud is the new frontier, and it’s teeming with challenges.

In our latest ebook, “Cloudy with a Chance of Security,” we dissect the most pressing cloud security issues of today. We take
you on a journey through the trials and triumphs of four mid-sized
organizations navigating these cloudy waters.

Discover how Wiz can be your guiding light, illuminating the path to robust cloud security. Click here
to supercharge your cloud security strategy. Let’s conquer the cloud
together!
💪☁️🔒

👉wiz.io/lp/cloudly-with-a-chance-of-security👈


Download Now

   

Microsoft’s AI assistant, Copilot, is raising security concerns due to its
access to all user data within Microsoft 365 apps. On average, 10% of a
company’s M365 data, which Copilot can access, is open to all employees.
MORE

A U.S. Navy sailor, Wenheng Zhao, has admitted to taking bribes from a
Chinese intelligence officer and passing on sensitive military
information. Zhao, who held a U.S. security clearance, confessed to
receiving almost $15,000 in bribes from August 2021 to May 2023 while
working at Naval Base Ventura County in California.
MORE

A coalition of the tech giants recently revealed the largest-ever DDoS
attack, which compressed a month’s worth of Wikipedia traffic into a
two-minute deluge. The attack peaked at over 398 million requests per
second, exploiting a zero-day vulnerability known as “HTTP/2 Rapid Reset”.
MORE

Microsoft’s new bug bounty program is all about AI, specifically targeting
vulnerabilities in AI-powered Bing.
MORE

The AvosLocker ransomware gang is hitting the U.S. critical infrastructure
sectors hard. The FBI and CISA have released a joint cybersecurity advisory
detailing the ransomware-as-a-service (RaaS) operation’s tactics,
techniques, and procedures (TTPs).
MORE

Equifax just got backhanded with an £11.1 million fine by the UK’s Financial
Conduct Authority (FCA) for their 2017 data breach. The fine was originally
set at £15,949,200 but Equifax received a 30% discount for agreeing to the
penalty early and a 15% credit for good behavior during the investigation.
MORE

AirTags are under scrutiny again, this time with a class action lawsuit
claiming they’re basically a stalker’s best friend. The lawsuit cites over
150 US police reports and a surge in international stalking cases involving
AirTags.
MORE

The gap between top and bottom-earning CISOs is widening, with the highest
earners seeing their salaries increase at triple the rate of those at the
lower end. According to a survey of 600 US-based CISOs, most are earning
either below $400,000 or above $700,000 a year.
MORE

The CIA has officially admitted that the 1953 coup it backed in Iran, which
overthrew the prime minister and cemented the rule of Shah Mohammad Reza
Pahlavi, was undemocratic. You think? Best book I’ve ever read on the
own-goal nature of US foreign policy is Blowback. It will make you facepalm
for sure.
MORE

US intelligence evidently had concerns that something was being planned in
the Gaza strip. They produced at least two assessments based on intel from
Israel, warning of an increased risk for Palestinian-Israeli conflict weeks
before the actual attack. But the expectation was that there would likely be
just another round of small-scale violence by Hamas.
MORE

Finland’s Security and Intelligence Service (Supo) warns that Russia is
currently treating Finland as a hostile country, following a suspected act
of sabotage on Finland’s maritime infrastructure. The incident involved
damage to a subsea telecommunications cable and gas pipeline between Finland
and Estonia, with Finnish authorities suspecting external (ahem, Russian)
activity.
MORE

TECHNOLOGY NEWS

Harvard and Oxford researchers are using AI to predict new COVID-19
strains before they even happen. The AI model, called EVEscape, is trained
on historical viral sequences to predict how the virus could mutate. When
tested with pre-pandemic strains of coronavirus, EVEscape accurately
predicted the most frequent mutations and dangerous variants of
SARS-CoV-2.
MORE

California’s giving cities the green light to nab speeders with automated
cameras. The new law, signed by Governor Newsom, is aimed at reducing
traffic fatalities which have been on the rise.
MORE

The digital afterlife industry is getting crowded, with companies like
Microsoft considering creating conversational chatbots of deceased
individuals using their social data. I am surprised Microsoft is getting
into this so early. I’d have expected the MANGA companies to wait for others
to work out the creepy first.
MORE

Scientists have developed a bionic hand prosthetic that offers improved
control and comfort. The hand is directly connected to the user’s
neuromusculoskeletal system, allowing it to perform around 80% of typical
daily tasks.
MORE 

Atlassian is spending nearly a billion dollars to acquire video tutorials
platform Loom, aiming to enhance its team collaboration tools.
MORE | MORE

Saturday’s annular solar eclipse put a serious dent in US solar energy
output. Grid operator estimates suggest that over a third of the country’s
solar capacity, enough to power about 20 million homes, was offline at some
point during the three-hour event.
MORE

TSMC is spinning up its next tech bump up for 2nm.
MORE

We’ve got a new map of the human brain that’s more detailed than ever. It’s
not just a visual map, but it also includes cellular and genetic levels,
making it a significant jump in our understanding of the brain.
MORE | MORE

Adobe and partners have created a symbol to tag AI-generated content, aiming
to provide transparency about its origins. The symbol, dubbed an “icon of
transparency”, will be added to the metadata of images, videos, and PDFs.
MORE

Uber now allows customers to call and request a ride without needing the
app. The new feature, announced at Uber’s annual product showcase, allows
riders to book a ride on-demand or schedule one ahead of time. Is that
really a problem that needed solving?
MORE

HUMAN NEWS

A 21-year-old computer science student, Luke Farritor, has become the first
person in two millennia to read a word from an unopened Herculaneum scroll.
The breakthrough was part of the Vesuvius Challenge, a competition that
awarded Luke a $40,000 prize for finding at least 10 letters in a 4 cm² area
in a scroll.
MORE | MORE

Ireland is swimming in cash, thanks to tax revenue from U.S. tech and pharma
companies. They absolutely nailed their tax strategy to get more
international companies doing business there.
MORE 

The University of Arizona is launching a five-year study to examine if
irritable bowel syndrome (IBS) is a long-term symptom of Covid-19. The
study, backed by a $3.2 million grant, will track over 9,000 participants to
assess post-Covid health impacts.
MORE

The collaboration between American and Chinese scientists is dwindling due
to new rules and political tensions. In 2020, the number of papers
co-authored by researchers from both countries fell for the first time, and
the number of visas awarded to Chinese students and academics by the US is
down to about a third of its 2015 peak.
MORE

Paris is dealing with a bedbug infestation, and it’s not just the discount
hotels that are affected. The bugs have been spotted in places like the
Paris Métro, cinemas, and even schools.
MORE

Pro-Palestinian demonstrations have been banned in France, causing a stir in
the international community. Support: The decision comes after Israeli
flags, raised in solidarity, were torn down and destroyed in several German
towns.
MORE

IDEAS & ANALYSIS

Marc’s New Tech Manifesto
Marc Andreessen just put out his latest essay, which he is calling a
manifesto. It’s basically an argument that tech is good and that we should
be optimists about it. I’m already an optimist and I already agree, but I
like how he lays it out. I just wish he addressed the counter-arguments with
a bit more zeal. He’s an investor and startup guy. Of course he wants
optimism. I’d believe him more if he gave me good steelman arguments on the
other side.
MORE

The Best Schools Are On Military Bases
The Pentagon is running the top-performing schools in the U.S., outshining
all other American districts in reading and math. These Defense
Department-run schools, teaching 66,000 students across U.S. domestic and
foreign military bases, saw 55% of their eighth graders proficient in
reading and 41% in math in 2022, significantly higher than the national
averages of 29% and 26% respectively. I can’t believe 55/41 are numbers to
brag about, and 29/26 is just disturbing. For parents/cultures that
prioritize self-discipline and education (see Asian/Indian/Jewish
households), those are probably like 5th grade numbers. The difference in
metrics and outcomes across parental/cultural groups needs to be studied and
talked about a whole lot more than it is. It’s a set of behaviors, not
magic. We all need to start copying what we know works for the successful
groups.
MORE

Kids Are Spending 5 Hours a Day on Social Media?
U.S. teenagers are spending an average of 4.8 hours per day on social media,
with girls spending nearly an hour more than boys. The data, gathered from a
Gallup survey of over 1,500 adolescents, reveals that 51% of teens spend at
least four hours daily on platforms like YouTube, TikTok, Instagram, and
Facebook. The study also found that teens with lower conscientiousness and
those with parents who don’t restrict screen time tend to spend more time on
social media. Stunning. Well, the number is really stunning, but it’s not
surprising that those with lower self-discipline and parents who don’t
enforce rules spend more time online. I’m starting to think self-discipline
is like the thing to focus on for predicting success, and the main thing to
try to nurture in kids. This is also supported by the fact that high
conscientiousness (one of the OCEAN traits), is the strongest predictor of
future success other than IQ.
MORE

Where are the Women on Github and AI YouTube?
Why are so few women creating projects on Github? A recent study found
that women make up only 6% of contributors on GitHub, and that if you
looked at people with more than 10 commits it went down to like 4%.
Meanwhile, women are something like 51% of the creators on YouTube. It’s
obviously not a creative talent difference, so why aren’t they creating
code projects? I especially noticed this recently with AI stuff. I noticed
the other day that I follow like a million AI influencer types who are
writing code, sharing it, and talking about it on YouTube. And I have only
seen a couple that are women. What’s going on, both for AI coding and
Github creation in general? Whose fault is this? Is it simply a preference
difference? Like is coding for fun just not as interesting to women? And
if so, how much of that is something to be addressed or “fixed” vs. being
ok? My problem with it being considered a sign of gatekeeping is that
there’s no gate on Github. You just post stuff. Most people who do get no
love whatsoever but they still post because
they want to. And there’s obviously no gate for women creating and crushing on
YouTube. Conversely, my problem with it just being “ok” because “it’s a
preference thing” is that it will empower people saying disparities in
technical roles in companies are also ok, because “fewer women just want to
do those jobs”. I believe that mentality raises biases in hiring managers and
DOES create a gate, locking out women who actually want those jobs. What do
you think?
MORE

ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)

💡A recommendation as you build your AI apps:

➡️ Focus and spend time on optimizing the broader pipeline of your idea,
not on specific implementation details.

It’s a waste of time to optimize tooling that will be obsolete in weeks
or months.

🔗Focus on the PIPELINES. #ai

 

5:47 PM • Oct 11, 2023

  


ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)

To those who think AI is over-hyped because “a lot of people tried it
and didn’t stick with it”, I have news for you.

Most people don’t read books either.

That’s what AI is. It’s like reading.

You can NOT do it. 100%. Just know that you’ll be working for the people
who do.

 

8:14 PM • Oct 11, 2023

  


ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)

Another thought on AI development.

A lot of consumer tech follows these phases:

1. Starts as a crazy idea
2. First version is a cool gadget or app
3. It becomes a serious company
4. It becomes an OS feature

As such, most AI apps/companies today are future OS features.

 

9:21 PM • Oct 11, 2023

  


ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)

If you can only write publicly about certain, narrow topics for fear
you’ll get no views or even negative comments, then you haven’t built a
platform.

You’ve built a prison with transparent walls.

Why stand on a soap box and ask the crowd what you should say?

Be yourself.

 

10:33 AM • Oct 12, 2023

  


ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ ☕️ (@DanielMiessler)

💡

A tweet is just a really abbreviated book.

A book is just a really elaborate tweet.

And that’s because tweets and books aren’t real things. They’re
arbitrary containers.

It’s all just ideas. Don’t get too caught up on the format.

 

1:27 PM • Oct 13, 2023

  



Triple Screens? Seriously?

Triple-dividing Your Attention, to Keep Your Attention
There’s a thing that’s been happening on TikTok for a few months now that
started with two screens, but now it’s branched into three. They have the
main content playing, but in order to retain you they also play something
else like a video game with action. So what happens is when you get even
micro-bored your brain goes to the video game. Then when they say or do
something interesting, you jump back to the main content. Well now they’re
triple-splitting the screen. How is a book supposed to compete with that?

NOTES

Apple’s new Snoopy watch face on watchOS 10 is the sleeper best watch face
on the Apple Watch. It has the most personality of all of them, and the most
variation. Loving it, and this article describes the features well.
MORE

Taylor Swift’s ‘Eras Tour’ movie is out, and I’m absolutely going to see it.
I don’t know much of her music, but I 100% consider her one of my heroes.
And I don’t use that word lightly. I think she’s crushing life, and that
she’s a role model for doing what you believe and changing reality to
conform with it. To me she’s like a Jobs or Musk, but nicer.
MORE

Jonah Hill’s new Netflix documentary spotlights the transformative
psychotherapy methods of Phil Stutz, who prefers to give his patients
actionable steps rather than just listening. Stutz’s approach involves a
series of “Tools”, simple steps or actions that can change your inner
state almost immediately.
This is on my watch very soon list.
MORE

This newsletter (content and format) has felt the most UL and the most “me”
of any in a while. Let me know if you enjoyed it.

DISCOVERY

⚒️ Stompy — A handy tool for tweaking MAC times to a specific timestamp. |
by ZephrFish | GITHUB

⚒️Scalar — A nifty tool that lets you generate interactive API
documentation from Swagger files. It’s got a bunch of cool features like
request examples for a ton of languages and frameworks, an integrated API
client, and the ability to edit your Swagger files with a live preview.
GITHUB

⚒️ ffuf — (fuzz faster you fool) A fast web fuzzer written in Go that allows
you to fuzz URLs, headers, and POST data. It’s got a ton of features,
including recursion, auto-calibration, and an interactive mode. | by
Joona Hoikkala | GITHUB

So, there’s this cool Github project that’s compiled all of ChatGPT’s
system prompts. | by
SPDustin | GITHUB

US citizens or permanent residents with permanent disabilities can now get a
lifetime pass to National Parks for free.
MORE

There’s a fresh perspective on the 4-day workweek concept called an 80%
job. It’s a 32-hour gig at 80% salary. I like the willingness to think
differently, but 32 hours is still basically 40 hours.
MORE

The US has $5 billion in Bitcoin. MORE

A Bay Area gang was slashing BART seats as part of an upholstery racket.
MORE

AI’s getting pretty good at predicting earthquakes. MORE

Mark Manson has curated a list of 14 non-fiction books he believes
everyone should read.
MORE

OpenAI’s GPTDiscord is a robust, all-in-one GPT interface for Discord,
enabling users to chat like ChatGPT, generate AI art, moderate servers, and
get AI-assisted insights.
MORE 

A new automation startup, Relay, is aiming to outdo Zapier by offering a
workflow automation platform that uses AI and goes beyond the usual triggers
and actions. I’m also looking at Make for a Zapier alternative.
MORE

Leap AI is a tool that lets you design, test, monitor, and deploy AI
workflows.
MORE

Job hunting for software engineers has taken a strange turn, especially
for contractors. It used to be a two-week process, but now it’s stretching
into months with no leads.
MORE

HOTSAT-1, a new high-resolution thermal satellite, can show temperature
differences down to a resolution of 33 feet, which is a big jump from the
330 feet, 1,650 feet or 3,300 feet resolutions of previous satellites.
MORE

Microsoft’s Paint app is getting an AI-powered upgrade called Paint
Cocreator, which helps you create artwork by just describing what you want.
MORE

Google is letting users generate AI images directly from the search bar.
MORE

SaaS startup founders share advice they’d give their younger selves.
MORE

Kubiya.ai is using ChatGPT to streamline DevOps.
MORE

Apple’s iPhone and Apple Watch continue to be popular among teenagers, with
87% owning an iPhone and 34% owning an Apple Watch. The survey also revealed
that 88% of teens expect their next phone to be an iPhone.
MORE | MORE

RECOMMENDATION OF THE WEEK

I’m getting tons of insanely valuable insights out of watching Robert
Sapolsky clips on YouTube. He’s one of Huberman’s mentors at Stanford and I
first came across him when I read Behave back in like 2017. It’s one of my
Top 50 books on the bookshelf. Sapolsky is working on what I consider to be
some of the most important questions at the intersection of biology and
human behavior. Highly recommended.
MORE | MORE

APHORISM OF THE WEEK

❝  

Genius is nothing more nor less than childhood recovered at will.

  Charles Baudelaire

403

May 23, 2025
