
UL NO. 419: Problem Quality, 0-Day Spyware, LOTL, Ollama + OpenAI


Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to
thrive as humans in a world that’s changing faster than ever. It combines
original ideas and analysis to bring you not just what’s happening—
but why it matters, and how to respond.

Hey there,

A few quick things…

  • I’m seriously messing up on the gym/weights/walking/table tennis side.
    Have only exercised a few times in the last few weeks! And I can feel
    it.

  • The reason for this is that my energy and mood have been so high from my
    work, and I’ve basically been going non-stop. No excuse. I tell you all
    about this so you can shame me.

  • Tons of inbound interest of all kinds due to Fabric taking off. A million
    ideas for how to improve it already! Many thanks to @xssdoctor for being
    such a huge part of the project. You know…between his patients as a f’ing
    cardiologist!

Let’s get into it…


MY WORK

Your Work Can Only Be As Good As Your Problems Are Meaningful

A lot of people struggle with doing great work and still being unfulfilled,
but your issue might be the problems you’ve chosen to work on.

danielmiessler.com/p/fulfillment-work-problems

How (Specifically) AI Will 100x Human Creativity and Output

AI will solve the problems we have, not the problems we think we have.

danielmiessler.com/p/ai-will-100x-human-creativity-and-output

SECURITY

Google’s TAG group says 80% of the zero-day vulnerabilities it’s tracked
have come from commercial spyware vendors. Google’s been watching 40 of
these companies and they specifically call out some of them, including:
Cy4Gate, RCS Lab, Intellexa, Negg Group, NSO Group, and Variston.
MORE

   

💡I’m noticing an interesting pattern here. The biggest threat to your data
might not be the dark web, but data brokers, which are actual companies. And
the biggest threat from weaponized 0-days might not be the random attacker,
but commercial spyware companies. Which, again, often sell legally. So it’s
not the criminal activity that’s most scary, it’s the criminal activity
that’s weaponized into a “legitimate” business. What’s another example?
Lobbying?

   

Related to that, the US is going after commercial spyware by banning visa
entries for people known to be associated with the industry.
MORE

Americans lost a record $10 billion to fraud in 2023, according to the FTC’s
latest report. Which is up 14% from 2022. Investment scams were the main
type, and they were up 21% YOY.
MORE

   


Cory Doctorow got scammed by someone claiming to be part of his bank, and he
wrote a full blog post about it. Hat off for the vulnerability, but the guy
called on a crappy VOIP line and mispronounced the credit union name and
asked for his full credit card number? And he gave it to him? In his
defense, he says he knows his credit union uses people with bad mics who
don’t know how to pronounce the name of the credit union. Jesus, man, get a
new bank. Still, I do appreciate the transparency.
MORE

The FTC has officially banned AI Deepfake robocalls. I’m curious how much
effect this will have given that most scammers are already breaking the law
on purpose in multiple ways. But I like how quickly action was taken.
MORE

Canada is moving to ban the Flipper Zero to address a spike in car thefts.
The creators of Flipper Zero argue that their device cannot be used to steal
cars made after the 1990s due to advanced security systems. Pretty happy I
don’t live in Canada (or Florida) where the government just randomly bans
stuff.
MORE

OnlyFake is putting out really good fake IDs with AI. The site claims to
produce up to 20,000 documents daily using “neural networks” and
“generators”. Seems like they’re probably going to get smashed by
authorities, but here come the copycats.
MORE

The FBI and CISA have put out a joint guide to “Living Off The Land” (LOTL)
attacks, where attackers use legitimate tools for malicious purposes.
MORE | GUIDE PDF

CISA revealed that the Volt Typhoon hacking group, backed by China, has been
lurking undetected in some US critical infrastructure IT environments for
over five years, potentially sleeping for future attacks.
MORE

A crowd in San Francisco attacked and set on fire a Waymo car. If you
haven’t seen the animated Matrix series, go watch it. It’s about to be super
relevant.
MORE

A Chinese group infiltrated the Dutch military’s network with a previously
unknown malware strain, Coathanger, designed to persist through reboots and
firmware upgrades. The impact was minimized due to the network’s
segmentation, affecting fewer than 50 users involved in unclassified R&D
projects.
MORE

Incidents

Verizon accidentally exposed over 63,000 employees’ personal data.
MORE

   

💡Someone asked me on a podcast recently why so many telcos have security
issues. I didn’t have a better answer than lots of users and lots of
employees.
In other words, lots of attack surface? If someone has a better analysis, let me know.

   

Vulnerabilities

🪳FORTINET VULNERABILITIES — Fortinet’s FortiSIEM faces two critical
vulnerabilities enabling remote code execution. | CRITICAL | 10.0 |
MORE

🪳Critical Patches Released for new Flaws in Cisco and VMware products as
well, up to 9.6 on the Richter scale.
MORE

TECHNOLOGY

A study (and paper) put human lawyers up against LLMs for evaluating legal
documents. It was like you’d probably expect. For determining legal issues,
LLMs (specifically GPT4-1106) matched or slightly exceeded the accuracy of
Junior Lawyers and were very close to the accuracy of LPOs. For locating
legal issues, LLMs were slightly less accurate than LPOs but still
outperformed Junior Lawyers. Worse, though, was the speed difference. LLMs
did that work between 91.63% and 99.64% faster than the human reviewers.
 MORE

   

💡This seems like a good time to mention a piece of advice I have for
previously high-status jobs that are vulnerable to AI, e.g., lawyers,
doctors, engineers. Build a brand and learn how to do your thing in public.
If you can’t figure out how to broadcast your expertise as a unique message,
and connect with people, you’re likely to get crushed by AI. Many of these
professions have one thing in common: they are based on collecting knowledge
and experience into an education, and imperfectly giving that experience to
a human. That is the worst possible place to be as a human, because AI has,
or will soon have, the life and work experience of millions of
doctors/lawyers/engineers. Get to the human side ASAP.

   

🔥 Ollama now supports OpenAI’s API format, meaning you can just
substitute your OpenAI calls for Ollama calls (which are local), and get
local results. Super cool!
MORE

Sam Altman bets on AI creating one-person billion-dollar companies soon. In
a chat with tech CEO friends, Altman predicts AI advancements will enable a
single person to run a billion-dollar company by automating jobs across
various sectors. Yep, this is what we’ve been saying here.
MORE

Andriy Burkov (@burkov), 5:37 AM • Feb 12, 2024:

The most popular use case for Claude and Gemini is to compare them to
GPT-4.

Sam Altman is looking to raise up to $7 trillion (that’s a “t”) for
AI chip production. The plan involves a partnership between OpenAI,
investors, chip makers, and power providers to build new chip foundries,
with OpenAI committing to be a major customer.
MORE

   

💡I’m starting to think that you need basically crazy people to make real
progress. Jobs. Musk. Altman.
The winning combination seems to be an insane vision, and then not
listening to anyone who tells you it’s impossible.

   

OpenAI is working on two new types of agents, one that can control devices,
and another that can perform web tasks. Remember when I said AGI won’t come
from some giant breakthrough in model capability, but by chaining together
systems? Well, yeah, that’s what this is part of. Think about it this way:
what else chains together tasks on devices and on web browsers? Human
employees.
MORE

HUMANS

Mexico has overtaken China as the top exporter to the US. Factors
contributing to this shift include Trump-era tariffs and Biden’s climate
policies making Chinese imports costlier, plus strategic moves by
manufacturers to relocate closer to the US market due to political tensions
and rising labor costs in China.
MORE

Researchers have used information theory to analyze why Bach’s music feels
so compelling. They analyzed his compositions by converting them into
information networks and found some patterns that may explain why he was so
good.
MORE

   

💡I’m currently obsessed
with Claude Shannon’s Information Theory and how it applies to real life,
so this is interesting. Here’s how I think it applies to writing and
giving presentations.
MORE

   

The wealthy are cutting lines all over the place, like at the airport,
Disney World and ski resorts. From Tinder’s $499 membership to ski lift
fast-track passes, people are paying premiums to bypass queues.
MORE 

   

💡People with money seem to be increasingly living in a completely different
world than those without it. Meaning, someone who makes $50,000 a year,
which used to be decent money, is now vastly less capable of doing things
than someone who makes like $150K or above (an arbitrary, anecdotal cutoff).
That’s 3X as much, so that may seem obvious, but it didn’t use to be that
way. Or at least it didn’t seem so to me. In the 80’s and 90’s we were all
doing the same stuff, in the same places. Now, if you go to nicer cafes or
restaurants they don’t really have many people there doing regular jobs.
Meals at nice places are usually (at least in the Bay Area), over $120, and
that’s just for 2 people. Rent is insane. Mortgage, forget about it. Food
bills. Gas? I honestly don’t know what anyone is going to do on $50,000 in
big cities on the coasts. And this separation of restaurants, hobbies,
neighborhoods, and other parts of our lives cannot be healthy.

   

Gallup just showed that only 47% of Americans report being “very satisfied”
with their lives, a figure that’s just barely above the record low set in
2011. Those earning over $100,000, married individuals, religious attendees,
college graduates, Democrats, and those aged 55 and older are more likely to
report high levels of satisfaction. See the callout above.
MORE | GALLUP STUDY

The Three-Body Problem’s audiobook is getting a new voice with Rosalind
Chao, just ahead of Netflix’s adaptation. Actress Rosalind Chao, known for
her role in the Netflix series, is narrating the new audiobook version of
The Three-Body Problem, offering a unique take on the entire story. The new
audiobook comes out February 27th. I’m going to re-read (listen to) this
version.
MORE

Over the past three years, Democrats’ lead with Black Americans has
decreased by nearly 20 points, and similar declines are seen among
Hispanic adults and young adults aged 18 to 29. Democrats still maintain a
significant lead among non-Hispanic Black adults, with a
47-percentage-point advantage, but this is
the smallest margin Gallup has recorded since it began its polling. MORE

Seine-Port, a quaint village near Paris, recently voted to limit smartphone
use in public spaces, aiming to encourage more human interaction and less
screen time.
MORE

A startling 46% of Americans didn’t finish a single book last year, placing
anyone who read at least two books in the top half of American readers. I
surmise that these numbers are wildly too high, due to the book version of
preference falsification. But maybe if we’re counting comic books, true
crime, romance, and that kind of stuff, we get close to 50%. I’d love to see
the number for non-true-crime, non-fiction books. I bet that number is
closer to 10%? Anyone know any numbers there?
MORE

IDEAS & ANALYSIS

How to Elect Donald Trump in 2024 (Politics, Skip if That’s Not Your
Thing)

I’ve said this a dozen times already, but I’m going to say it
again here on the off chance that there’s anyone that’s reachable.

If Trump gets elected it will be due to catastrophic Democratic mistakes. It won’t be Trump. Trump is easy to beat. It’ll be the left assassinating
itself.

All you have to do to beat Trump is not be so extreme in your liberal views.
Not sure what I mean? Here, I’ll make a list. 

Here’s how to get Trump elected.

  • Say the US is a horribly unfair and racist country despite the fact that
    non-white immigrants want to come here more than anywhere, because it’s
    the most meritocratic place on the planet.

  • Say White Supremacy is worse than it’s ever been.

  • Say Jewish people are the most evil and entitled white people, and that
    they deserved what happened in Gaza.

  • Say any raising of illegal immigration as an issue makes you a racist.

  • Say that rich people are the source of all our problems.

Say those things and you elect Trump.

Or, to put it another way, all a Democratic candidate would have to do to
beat Trump would be to take away those weapons.

Here’s 4 things they could say to beat Trump easily. And they can still be
liberals! Like me!

  • Yeah, the Republicans are right about illegal immigration. It’s bad.
    We’re addressing it.
    We’re boosting the border patrol by ___ amount, and increasing
    enforcement on criminals here illegally by ____ amount. But we’re also
    opening up more legal immigration, because our immigrants are awesome
    and they make great Americans.

  • No. America is not a horrible country. It’s actually one of the best
    countries in the world. It’s not the best because we’ve made no
    mistakes. It’s the best because we try really hard to fix them, and to
    become the country we’ve always wanted. And we continue to make
    progress. Don’t believe me? Let’s look at actual numbers. Look at China.
    Look at Latin America. Look at most countries in Africa. Are they
    anywhere near as open to minorities as the U.S.? How many religious
    minorities do they have in political office? How many women? How many
    LGBTQ people? Racial minorities? How about those same groups running
    businesses? How do those numbers compare to the U.S.? (then give the
    numbers that show they have the most diverse political and business
    leaders anywhere in the world!).
    We lead the world in lifting people of all groups and cultures to the
    highest levels in our society. Be proud of that.

  • There’s nothing wrong with being rich or successful. Here in America we
    look up to that. We always have, and it’s ok to do so. But we also
    believe that becoming successful has a lot of luck in it. The luck of
    good parents, or luck of learning the value of grit, discipline, and
    hard work at an early age, or the luck of being super smart or knowing
    the right people.
    That doesn’t take away the extremely hard work it takes to become
    successful,
    but it gives the successful a responsibility. Not to give away what they earned, but to invest some of it into
    those who weren’t so lucky. So THEY can work hard and become
    successful too.

  • It’s time to be done with cancel culture. It served a good and necessary
    purpose when we got rid of people like Harvey Weinstein, and we need to
    continue to stay vigilant against that type of trash across our entire
    society. But people are flawed, and people can change. And we’ve
    all known someone who’s a good person who’s done something shameful,
    that they regret.
    It’s up to us to know the difference between those people and the
    Harvey Weinsteins of the world. And it’s up to us to stop treating
    them like they’re the same.
    Enough.

This is very simple. Say those 4 things and you beat Donald Trump by 10-30%.
Continue on with the self-hate and you will find out just how tired the
country is with Wokeism.

In other words, Trump could easily win by 5-20% just as a country-wide
message to the extreme left that it no longer wants what they’re selling.

NOTES

  • Super excited for the second part of Dune.

  • Can’t wait for the new Three Body Problem series.

  • Got a couple of talks I’m flying to in the next couple of months, and
    I’m looking forward to using the Apple Vision Pro to work during them!

  • Really need to get back to table tennis and gym and rucking!

DISCOVERY

🖥️ Sudo for Windows — Elevate commands without a new console | by
Jordi Adoumie | MORE

🛠 Toolong — Terminal app for log file viewing and management | by
Textualize | MORE

🎼 An extraordinary EDM set by my now favorite artist of this genre, CloZee.
MORE

🧱 A pretty solid AI stack in February of 2024:

Stan Girard (@_StanGirard), 8:14 PM • Feb 10, 2024:

My current OSS go-to stack:

@supabase for db, auth, storage, realtime
@LangChainAI for building my rag pipelines
@posthog for analytics
@FastAPI for the backend
@nextjs for the frontend
@resend for the emails
@LiteLLM for LLMs compatibility
– @ollama &…
twitter.com/i/web/status/1…

In a GenAI World, Only Identity Matters — A great essay about the problems
of identifying who’s doing what in a world full of GenAI. | by
Caleb Sima | MORE

Required Security Changes for Secure AI Agents — A solid piece on what will
be needed for AI agents to securely operate in real-world scenarios. | by
Joseph Thacker | MORE

Jeff Weinstein is excited about Stripe building new zero-to-one products,
such as “Support-as-a-service” | by
Jeff Weinstein | MORE

OKRs are Bullshit
MORE

Simple Precision Time Protocol at Meta
MORE

TikTok Is Destroying Itself from the Inside Out
MORE

How Levels.fyi scaled to millions of users with Google Sheets as a Backend
MORE

Wirecutter content is now freely accessible through Apple News.
MORE

Applying Threat Intelligence to the Diamond Model of Intrusion Analysis
MORE

OPML is Underrated
MORE

The world is awful. The world is much better. The world can be much better.
MORE

YouTube now supports uploading podcasting RSS feeds, which means if you used
to be an audio podcast person, you can automatically publish your stuff on
YouTube when it goes live on the audio version!
MORE

Parse, don’t validate
MORE

RECOMMENDATION OF THE WEEK

Think about the problems you’re working on, and ask yourself if they’re
worth years of your attention. There are a lot of layoffs right now, so I’m
not recommending you quit your job next week to find beautiful problems.

But I am recommending that you start thinking about it. Especially if the
universe is conspiring against us and ends up laying us off, or making it
hard to find a job. You might as well make the next one a place where you
deeply care about the problems, and the solution.

There are a million benefits of this, but one is also that you’re far more
likely to shine at work, and thus be non replaceable, if you’re deeply
motivated by the mission.

APHORISM OF THE WEEK

❝  

Your work can only be as good as your problems are meaningful.

 

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of
deeply human content. And because it’s so diverse, it’s harder for it to go
as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 


Yours,

May 23, 2025
