UL NO. 414: LastPass Settings Upgrade, Boosting ChatGPT Output, AI Adding Societal Transparency

👉 Continue reading online to avoid the email cutoff issue 👈

Unsupervised Learning
is a Security, AI, and Meaning-focused podcast that looks at how best to
thrive as humans in a post-AI world. It combines original ideas, analysis,
and mental models to bring not just the news—but why it matters, and how
to respond.

TOC

• INTRO

• MY WORK

• SECURITY

• TECHNOLOGY

• HUMANS

• IDEAS & ANALYSIS

• NOTES

• DISCOVERY

• RECOMMENDATION OF THE WEEK

• APHORISM OF THE WEEK

INTRO

Hi!

Super hyped for this week. I’m making great progress on adding stuff to my
AUGMENTED
AI class, which I’m giving live on Saturday. We’re closing signups on
Wednesday, so get in while you can!
RESERVE A SLOT

I’ve also got a ton of work done on my big open-source AI project
I’ve been telling you about for a while! And
I’ll be releasing that probably next week! I cannot wait to share
this thing!

Alright, let’s get into it.

MY WORK

AI’s Predictable Path: 7 Things to Expect from AI in 2024+
My
latest essay on where AI is heading, based not on trying to guess future
tech, but based on looking at what all humans want.
READ IT

My Response to Cory Doctorow Saying AI is a Bubble
Cory Doctorow
thinks AI is a bubble and that it’s going to blow up soon. I think he’s
right about a lot of valuations and gimmicky companies, but very wrong
overall.
READ IT

SECURITY

LastPass is mandating at least a 12-character master password after last
year’s security situation(s). Updates also include checks against breached
credentials and other protections against credential-stuffing attacks.
MORE 

Mandiant’s X account got taken over, which is a bit embarrassing for a
security company as well-respected as them. It’s not clear yet what the
failure was, i.e., whether it was a password/2FA issue or a vulnerability
like the XSS/CSRF one reported by Chaofan Shou. Mandiant is now part of
Google.
MORE

👋 Reminder to please check out our sponsors each week. They help us keep the newsletter and podcast as a viable business model, and are often sharing some pretty cool stuff. 🫶🏻

Sponsor

 🚨Unveiled: The 2023 Kubernetes Security Report🚨

Dive into the unseen depths of Kubernetes security with our latest findings! Our comprehensive scans of 200,000+ cloud accounts reveal a startling
landscape of exposed containers ripe for the taking.

🔍 Inside, you’ll unlock:

• Expert analysis of Kubernetes attack vectors

• In-depth breakdown of Kubernetes attack chains

• Current statistics on security controls and mitigations

• The best defenses against cloud attacks

It’s a current playbook on the best ways to address cloud threats.

🔗 Secure Your Insights:

 wiz.io/lp/the-2023-kubernetes-security-report

🔑Access Your Blueprint to Cloud Security Now!

   

⚠️ Stealthy AsyncRAT Attacks — US infrastructure has been targeted by
AsyncRAT malware for 11 months. | SEVERITY: HIGH | RESPONSE: AT&T
Alien Labs provides detection tools. MORE

Drones are becoming a go-to method for smugglers to transport drugs across
borders. According to a Vice report, these unmanned aerial vehicles are
increasingly being used to bypass checkpoints.
MORE

🏥 HealthEC Data Breach — Over 4.5 million individuals had their personal
data exposed in a breach at HealthEC. The compromised data includes
sensitive information, which is always concerning.
MORE

👉 Continue reading online to avoid the email cutoff issue 👈

TECHNOLOGY

🤖 Some folks at Deepmind created a completely insane new robot. It
does a lot of the stuff that we’ve seen promised for years, like cooking,
cleanup, etc., and it’s all running off of
consumer parts and compute. The
demo video
is a must.
MORE

💡As big as AI is going to be, it’s nothing compared to that same AI inside of a household robot. TESLA is betting big on this, and so am I. Virtually everything about
AI is made better by being in a physical form, but this is especially true
for companionship, elderly assistance, and use cases like that. Being a
security guy, however, I really do worry about the threat model here.
Remote access and RCE to these things will be nightmare fuel.

📄 Principled Instructions Are All You Need Paper — A new paper is out
describing how to get a stable 50% improvement in ChatGPT output.
They provide 26 different techniques to get there.
MORE

From the linked paper.

OpenAI’s GPT store, a marketplace for custom AI agents, is set to launch
this week after some delays. The platform will enable ChatGPT Plus and
enterprise subscribers to create and sell personalized chatbots, and
the more people download and use your GPTs, the more you get paid.
MORE

Google is pushing to remove third-party cookies from Chrome in 2024, which
critics are saying is way too fast. Critics argue that the industry will
need far more time to get ready, and that solutions like Google’s Topics
aren’t ready yet. Topics works by collecting things a given user is
interested in and sharing that list, rather than sharing browsing history.
MORE

💡
This Google Cookies thing is starting to feel a lot like a lot of their
product rollouts, i.e., rushed and half-baked. The difference in this case
is that it could cost them a LOT of money if they mess this one up. And
potentially set the whole anti-3p-cookies effort back years.

Flush is an app that lets you book a cafe’s bathroom for $5, aiming to solve
the public bathroom problem. The app, created by Elle Szabo, offers a
double-sided marketplace where businesses can list their restrooms for rent
and users can reserve them, with Flush taking a 5% cut.
MORE

Starlink just launched satellites that’ll let you use your LTE phone from
almost anywhere. It’s a partnership with T-Mobile to cover dead zones, and
the service is expected to roll out by the end of 2023, starting with
messaging and expanding to voice and data.
MORE

Apple’s Vision Pro headset might hit stores as early as January 2024, which
means I should get ready to get in line.
MORE

Microsoft believes so strongly in AI that they’re going to put a dedicated
key on Windows keyboards. They’re calling it a Copilot button, but I think
that’ll end up getting more generalized to the assistant button. Clippy in
just one click.
MORE

HUMANS

China’s Ministry of State Security is cracking down on military fans sharing
photos of army equipment online, threatening up to seven years in prison.
MORE

Suicide rates among Gen Z, particularly girls, are climbing across
English-speaking countries. The data shows a worrying trend, with suicide
becoming a leading cause of death for young people in these regions.
MORE
|
MY PIECE ABOUT PURPOSELESSNESS

From After Babel

The US economy outperformed on jobs by adding 216,000 positions in December.
MORE

Gallup’s latest poll reveals just 28% of Americans are satisfied with
democracy, a new low. The drop from 35% follows a trend across all political
affiliations, with Democrats at 38%, Republicans at 17%, and Independents at
27% satisfaction.
The Republican trend line
is super interesting, with them starting the highest and ending the lowest.
MORE
|
MORE

Starbucks is now letting you use your own cup for drive-thru and mobile
orders to cut waste. Starting January 3, 2024, the initiative is part of
their goal to slash waste by half by 2030, making them the first national
coffee chain to offer this option.
MORE

Most Americans still reject the Jan. 6 Capitol riot, but a CBS News poll
shows Republican disapproval is slipping. Three years on, 78% of Americans
condemn the insurrection, yet Republican approval has grown from 21% to 30%.
30%.
MORE

💡So just to be clear, Republicans currently have 17% support for
Democracy, down from 80%, and 30% support for the January 6th riot, up
from 21%. I get their point about the system and the Left, being broken.
But authoritarianism ain’t it, my guy. Goodness.

California’s courts have ruled that police drone footage isn’t automatically
off-limits to public records requests. The decision marks a win for
transparency, as it clarifies that footage from police drones can be
requested under the California Public Records Act (CPRA), rejecting the
argument that all such videos are exempt due to investigative purposes.
MORE

👉 Continue reading online to avoid the email cutoff issue 👈

IDEAS & ANALYSIS

Coming for Neri Oxman
There’s a witchhunt for Neri Oxman for
some stupid reason. Business Insider wrote an “article” claiming she
plagiarized part of her dissertation. But if you look at the actual claims,
it’s like forgetting some quotes for
someone she had already heavily quoted and cited numerous other times in
the paper.
It’s complete garbage. What I don’t get is the reasoning.

Like
who thinks this is helpful to anyone? One possible reason is that her
husband, Bill Ackman, had gone after the Harvard president for doing
actual plagiarism, so someone decided to counterattack with the full
force of the media. Super gross. Can’t wait for this kind of trash
to be made transparent by armies of AI research bots.

And I know—I’m like seeing AI as the solution to
everything—but there are lots of things AI won’t help, or will make worse.
But in this case, we really do need to see connections between things that
are virtually opaque due to complexity. Like I’d love to instantly know the
backgrounds and political leanings of everyone who writes hit pieces on a
given person—of any affiliation—combined with a sequence of events in time,
combined with the claims made, etc.

AI will be exceptionally good at finding possible motives and plots in such
things. And it’s not the type of thing that humans can do well. It’s too
many threads, too many things to research, and then assemble, and then put
together into a narrative. AI will do all that for us in minutes, and it’ll
do it continuously.

Sure, it’ll also help people find connections and conspiracy in places where
there is none. But that’s ok, because most other AInalisys will find that
the connections are tenuous, and the conclusion is a stretch.

Anyway, these charges are crap, and I’m very tired of political takedowns of
people just because they can.
MORE
|
MY PIECE ON AI BRINGING TRANSPARENCY
|
GARBAGE “REPORTING”

NOTES

I’m playing a lot more with local AI models lately. Lots of Ollama but also
oogabooga’s web UI for Hugging Face models. I’m going to be integrating
these into my AI framework/ecosystem soon. GPT-4 is still king, but lots of
use cases don’t need the king.

DISCOVERY

🎓 VIM for Pentesting — Tom Hudson, known as
tomnomnom, teams up with STÖK to teach security people how to level up their command
line game. This one is from like 2019 but it’s
still one of the best videos of its kind. | by
stokfredrik
|
MORE

🛠️ CrewAI — A new agent framework for creating different agents in different
roles, and having them interact to produce an output. It’s like Autogen, but
I think I like the structure better.
MORE

Defining a Writer in CrewAI

🛡️WhiteRabbitNeo-13B — A fine-tuned version of Llama2 that allows you to ask
both offensive and defensive security questions.
MORE

🖥️ asitop — A super badass Python-based CLI tool for monitoring performance
on Apple Silicon Macs, inspired by nvtop. | by
tlkh
|
MORE

aistop output

🧐 Preparing for Security Engineer Interview — TryHackMe offers a
comprehensive guide for security engineer interviews, blending general
advice with technical sample questions.
MORE

⏱️time cat — A super low-rent stopwatch for the command line.
You run time cat and you CTRL-c when you’re done,
and it tells you how long that was. lol | HT to Charlie Campbell for the
tip.

🛠️ github-blog — Transform GitHub issues into a blog content management
system with just an API. | by Renato Ribiero |
MORE

🔗 Webmention.app — Automate sending web mentions for links on your site
with this simple API. | by
colindean |
MORE

📱
Offline Chat Private AI — This app lets you run the powerful Mistral 7B
0.2 LLM on iPhone Pros, all without an internet connection. | MORE

Ivan Tolkunov built an AI to spot AI-generated images using a resnet-based
model with FastAI on an M2 MacBook Air, hitting over 99% accuracy in
testing.
MORE

🟩 Greenphone — Create greenscreen prompts in Midjourney for custom art
placement within an image.
MORE

✍️ Typefully — A tool that makes tweeting easier with smart tips and
automated features. Still messing with it, but I’ve heard amazing things
about this one.
MORE

📓 Weekly Wins Planner — A fresh template to help you organize your weekly
achievements and ensure they align with your quarterly goals. It’s a
practical tool for staying on track.
MORE

📄 Challenge Bowl Icebreakers — Looking to spice up team meetings? This free
Challenge Bowl icebreaker template offers a creative way to engage team
members with questions and activities that build camaraderie.
MORE

The Antilibrary — A bookshelf of stuff you haven’t read yet.
MORE

Potheads, Planners, and Players — Different ways to approach projects.
MORE

RECOMMENDATION OF THE WEEK

Remember that goals don’t win us anything, which is why New Year’s
resolutions seldom work. It’s all about the systems.

The algorithm for winning is:

1. Start with your goals

2. Build systems that will get you to those goals

3. Execute on the system

Another word for system is: routine. So it’s not about what you want
to do, or set out to do. It’s about what you actually do, day-to-day,
throughout the year.

So build the ultimate system/routine for 2024. That should be the top
priority. Build the routine that—if you follow it—will result in you
accomplishing your goals for the year.

No better time to do this than early January!

APHORISM OF THE WEEK

❝  

We are what we repeatedly do. Excellence, then, is not an act, but a habit.

—

  Will Durant  

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of
deeply human content. And because it’s so diverse, it’s harder for it to go
as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 

Share UL with someone like us…

Yours,