
Continue reading online to avoid the email cutoff issue
Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to
thrive as humans in a world that’s changing faster than ever. It combines
original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.
Hey there!
Added some really sick Patterns to Fabric this week!
- create_better_frame: Takes any type of input where someone is presenting, interpreting, or commenting on the world, and does two things: 1) it creates negative frames for seeing that content, and 2) offers more positive frames. Basically, it provides a positivity filter for any given input, should one choose to accept it. MORE
- create_academic_paper: Takes any bullet points, article, essay, or anything else you’ve written, and turns it into a LaTeX-formatted academic paper format! MORE
Also, for anyone with a git repo, summarize_git_changes is a great way to see and share updates on recent progress. MORE
cd yourgitrepo
git log --pretty=format:"%h - %an, %ar : %s" --stat | head -n 500 |
fabric -sp summarize_git_changes
Fabric’s latest updates
Also, Threshold (UL’s first commercial product) is imminent! Like I’m
already in there and using it, and we’re making final tweaks now. It’ll
launch in Preview, meaning there will be lots of changes in the next
few weeks, but it will be useful from Day 1.
Can’t wait to share it. Hopefully this week and then in next week’s
newsletter.
Ok, let’s get to it…
MY WORK
Personal AIs Will Mediate Everything
What happens to user-facing businesses when humans aren’t the things
interacting with products?
danielmiessler.com/p/personal-ais-will-mediate-everything
A Conversation with Jason Meller of Kolide/1Password – Unsupervised Learning
In this sponsored conversation, I speak with Jason Meller. Jason is the
founder of Kolide, which has just recently been acquired by 1Password. We
discuss: – Kolide’s acquisition by 1Password – The synergy between Kolide
and 1Password – The challenge of password management – The concept of device
trust and zero trust – The limitations of MDM solutions – Engaging end-users
in security remediation – The philosophy behind Kolide’s approach – The
importance of human-friendly security solutions – Future plans for Kolide
under 1Password – The potential for broader application of Kolide’s
technology Jason and I see a lot of things the same, and I really enjoyed
this conversation and think you will too.
omny.fm/shows/unsupervised-learning/a-conversation-with-jason-meller-of-kolide-1passwo
SECURITY
This is a collection of full-video deepfakes that are seriously
concerning. They’re generated by a commercial model, not like a government.
MORE
We seriously need to build like a global Snopes platform. Like before the
elections.
Idea: You get a bunch of Left people, Center people, and Right people and you
build a platform that does like Snopes used to do with internet claims. It
basically shows the content, and gives an analysis of why you should
believe it, why you shouldn’t, and then a verdict. Plus you can have the
platform be like a collection point for pro-con arguments, in super
concise form. And yeah, it’ll use AI to do a lot of that collection and
summarization.
Something like:
—
SITUATION: There’s a video of Obama saying it’s time for a pre-emptive
strike against Mayanta.
ANALYSIS: The video is currently being analyzed by multiple experts. Here
is what has been said so far:
- Fox News Analysis: The video appears to be fake, created by _____. SOURCE
- ONN Analysis: No evidence that the video is fake. SOURCE
- CISA Analysis: This is a deepfake, read our analysis here. SOURCE
- Breitbart: Obama has said similar things in the past so there’s no reason to disbelieve it. SOURCE
CURRENT CONCLUSION: Given the current evidence, we are ALMOST CERTAIN
that this video is a deepfake, using Kent’s Words of Estimative
Probability.
We need this service. And as Dan Kaminsky used to say, “We have the
technology.”
The Left/Right cooperation won’t be perfect, of course, but it’ll be
1,000% better than nothing.
These deepfakes are too good for us not to have any trusted place for
people to verify things.
There’s a supposed data leak of data on 71 million AT&T customers, but
AT&T says it’s not from their systems.
MORE
Someone built an AITM (Active In the Middle) attack tool using just 174
lines of code on Cloudflare Workers. It can supposedly fully bypass MFA on
Microsoft accounts.
MORE
Leaked documents reveal a Chinese hacking group’s systematic attacks
against 20 foreign governments and companies, including detailed
operations and targets. MORE
Sponsor
Enhance Enterprise Security: Ensure Device Trust and Protect Your
Data!
When you go through airport security, there’s one line where the TSA
agent checks your ID, and another line where a machine scans your bag. The
same thing happens in enterprise security, but instead of passengers and
luggage, it’s end users and their devices.
These days, most companies are pretty good at the first part of the
equation, where they check user identity. But user devices can roll right
through authentication without getting inspected at all. In fact, 47% of
companies allow unmanaged, untrusted devices to access their data. That
means an employee can log in from a laptop that has its firewall turned
off and hasn’t been updated in six months. Or worse, that laptop might
belong to a bad actor using employee credentials.
Kolide finally solves the device trust problem. Kolide ensures that no device can
log into your Okta-protected apps unless it passes your security checks.
Plus, you can use Kolide on devices without MDM, like your Linux fleet, contractor devices, and every BYOD phone and
laptop in your company.
Visit kolide.com/unsupervisedlearning to watch a demo and see how it works.
SpaceX is contracted to build a spy satellite network for a US intelligence
agency. Makes sense. I can’t think of a cheaper and more reliable way to get
a lot of satellites into space.
MORE
Rohan Pandey modified llama2 to un-redact an email from Elon to Ilya.
MORE
Burglars are starting to use Wi-Fi jammers to knock out security cameras,
making it harder to track them down afterward.
MORE
Sponsor
VIRTUAL OPEN SOURCE POWERED SECURITY CONFERENCE
Join us for Hardly Strictly Security: The Ultimate Open Source Cybersecurity Conference. Mark your calendars
for April 25th. This free, virtual conference is for security engineers, red teamers, bug bounty hunters, security
leaders, and anyone who wants to celebrate and continue to leverage the
power of open source to make our world more secure.
A Chinese company’s leaked documents reveal a massive global hacking
campaign.
MORE
Fortinet has disclosed a critical SQL injection flaw in FortiClientEMS that
could let attackers run code on systems.
MORE
TECHNOLOGY
Steven Hao gave Devin access to his work stuff (questionable?), and it’s
basically doing his job for him.
Devin is even posting on Slack and asking questions, and using the
responses to continue when he gets stuck.
MORE
The amount of hate and hype towards Devin has been extraordinary.
Definitely go check it out if you haven’t yet. It’s basically a code
automation agent that does better than previous attempts.
Midjourney’s new “Character Reference” feature finally lets you
recreate the same AI character in different situations. Can’t wait to play
more with this.
MORE
Elon Musk open-sourced Grok, but not completely. They didn’t release any of
the code required to train it.
MORE
As I talked about before, I think we should only call a model “open
source” if they release 1) the weights, 2) the data, and 3) the full
training methodology—including code.
Covariant is launching RFM-1, aiming to bring ChatGPT-like capabilities to
robots. This platform could revolutionize how robots understand and interact
with the physical world, making them more adaptable and intelligent.
MORE
AI is big. Robots are big. But the biggest is AI in robots.
Finland is rolling out a giant ‘sand battery’ to store heat in winter,
showing 1 MW of power and a 100 MWh capacity. The technique uses excess
electricity to warm sand and can meet a week’s heat demand in winter with
minimal energy loss.
MORE
Nvidia’s getting into humanoid robotics with its new AI platform, GR00T.
The platform is designed to support a wide range of humanoid robots,
including big names like Agility Robotics and Boston Dynamics, marking a
significant push into the sector. Massively impressed with Nvidia right
now. MORE
HUMANS
Hong Kong is implementing a new, Beijing-driven stringent security law that
goes after treason and other types of dissent. The penalties are harsh, with
up to life in prison. Hong Kong continues to get phased out, with China
phased in.
MORE
Midjourney is blocking AI-generated images of Trump and Biden going into the
2024 election.
MORE
The U.S. unexpectedly added 275,000 jobs in February, surpassing economist
predictions. But the unemployment rate went up slightly, to 3.9%.
MORE
A really good thread here on Hacker News about experienced programmers not
being able to find jobs. OP and commenters have a theory for why it’s
happening.
MORE
Some schools in England are adopting super strict policies, inspired by the
Michaela Community School’s success, to improve student behavior and
academic outcomes. These schools enforce rigid routines and discipline,
believing it helps disadvantaged students succeed, despite criticism of the
approach being oppressive.
MORE
I’ve been expecting to see a lot more of this, actually. Not just for
disadvantaged students—which I can see it being great for—but for
everyone. Reminds me of all the Man camps going on where you learn
survival and hunting and stuff.
I see this as a counter to life being good, basically. Life for most
people is fairly easy in terms of not being in danger, having enough to
eat, etc., and people want to build character.
It’s hard to build character when everything is easy.
So we should expect to see a lot more of making things artificially
hard—on purpose—to help strengthen ourselves.
Like Stoic Resilience Training (SRT) or something. I’m for it, as long as
it doesn’t get too out of hand.
Young men and women are drifting apart politically, with women going way
more Left, and men staying largely the same.
MORE
John Barnett, a former Boeing whistleblower, was found dead amid a lawsuit
against the company. He exposed safety issues, including a 25% failure rate
in emergency oxygen systems.
MORE
Toronto Police suggest leaving car keys at the front door to dodge violent
run-ins with car thieves. It’s a bit like saying, “Take my car, not me.”
MORE
This is how you get Republicans elected, and eventually—if things aren’t
fixed—far-right governments like we’re seeing all across Europe.
Liberals can’t let Conservatives be the only people who enforce laws and
maintain security. Or they can, but there will be consequences.
“They voted for THAT guy? Wow, the voters are evil and stupid!” Maybe.
But people also like feeling safe. As usual, the answer is a hybrid:
- Enforce laws strictly, largely as if criminals had a choice.
- Invest heavily in at-risk groups before they commit crimes, largely as if they don’t.
Recent Boeing incidents have sparked far-right conspiracy theories about
diversity causing intentional failures. Some extremists claim these mishaps
are part of a plot to undermine Western civilization and promote communism.
MORE
Wut? If someone can explain that one to me I’d appreciate it.
Using tap water in a Neti Pot can be deadly due to potential brain-eating
amoebas. It’s safer to use distilled or sterilized water for sinus cleaning.
MORE
I feel vindicated. I’ve been using only filtered (reverse osmosis) water
for mine for years. The best treatment I’ve found (along with an allergy
pill) by far.
This analysis claims to show that people used to consume more calories
without gaining as much weight.
MORE
Fentanyl poisoning has become the leading cause of death for Americans aged
18-45.
MORE
Over 2,000 U.S. newspapers have closed since 2004.
MORE
Car washes are popping up everywhere because they’re surprisingly
profitable.
MORE
IDEAS & ANALYSIS
I’ve had an absolute epiphany about politics,
and really everything in the last couple of months. Specifically from
the concept of Framing. I feel like it’s a model with extraordinary
explanatory power, and I’ve not found anything it can’t explain. It’s
becoming my primary Unified Theory. I’m prone to excitement though, so I’m
going to let it sit for a while before I write another big piece about it.
—
Really interesting back and forth with Dino Dai Zovi about the
cybersecurity “floor and ceiling”.

ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ
@DanielMiessler

Security is always roughly as good as it should be. We know this because
if it needed to be better, it would be.
Most home locks are pickable, and most hospitals are ransomware-able.
Each system has an acceptable level of security failure.
3:00 PM • Mar 17, 2024
And further thinking made me expand on it here.

ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ
@DanielMiessler

I don’t think this is true on just multi-decade timelines. I think it’s
true on “an average day” timeline.
Think about how much we have of the following:
– Identity theft
– Account fraud
– Password reuse
– Companies constantly being hacked
– Ransomware
– Credential stuffing… twitter.com/i/web/status/1…
3:05 AM • Mar 18, 2024
And this is my piece from 2018 that I think captures the idea best.
Why Software Remains Insecure
My piece from 2018 on why software remains insecure after we’ve spent
decades trying to solve the problem…
danielmiessler.com/p/the-reason-software-remains-insecure
Basically, I think security is subordinate to innovation and daily life in
most situations, and that it falls to an absolute minimum as a result. And
as a result, we should guard our mental health against thinking people are
steering us wrong, or that we’re massively neglecting something that
urgently must be fixed.
In short, if it were urgent we would know because it would get fixed
immediately. And if it’s not fixed immediately, it’s not urgent.
This isn’t a statement about any objective rating of what matters, or what’s
more secure or insecure (see Framing above).
Framing is Everything
We’re seeing reality through drastically different lenses, and living in
different worlds because of it.
danielmiessler.com/p/framing-is-everything
The only thing that matters is what people care about and worry about. And
that’s why we can spend billions barely moving the needle on a thing that’s
not that important, while completely ignoring worse risks that don’t inspire
people to care.
NOTES
We had a banger UL meetup this month where a member shared their super
tricked-out keyboard. It’s the exact type I’d been looking up already and
trying hard not to get into. But he made such a compelling case that I’m now
going down the rabbit hole. Send help. Also don’t click this link.
MORE
I’m emotionally moved, and technically astounded, by the fact that Voyager 1
is a light day away from us. A LIGHT DAY. 24 hours at the speed of
light, just to send and receive a signal. Oh, and the thing keeps like dying
and then coming back online. What a hero.
DISCOVERY
haktrails is a Golang client that makes querying SecurityTrails API
data super easy. Especially useful for bug bounty hunters. | by hakluke | MORE
Openapi-tui lets you interact with APIs defined in openapi spec right
from your terminal. | by zaghaghi | MORE
I Stopped Loving Captain Kirk
MORE
Solarpunk is the new Cyberpunk MORE
Steve Pavlina’s “Do It Now”. Takes me back. One of the early influences on
my approach to productivity. From 2005!
MORE
Minimal Viable System.
MORE
Ben Kuhn shares Why and How to Blog.
MORE
Which Skills Are Least Likely to Be Replaced by AI?
MORE
Amanda Askell talks about why Claude 3’s system prompt is so good.
MORE
Spreadsheets as Simulation Tools
MORE
The Getty has released nearly 88,000 art images for anyone to use for free.
MORE
RECOMMENDATION OF THE WEEK
Share Let Grow with people! Absolutely love this project!
It’s about teaching independence and resilience to kids.
Watch this (it’s 4 minutes).

When Kids Step Up : A Let Grow Film

Jonathan Haidt
@JonHaidt

The most effective and most fun way to reduce anxiety in elementary and
middle school students is the Let Grow Experience. Below is a 4 minute
video about it, very moving. Parents: ask your kids’ school to try it.
It’s free. Visit letgrow.org
youtube.com/watch?v=zrlhZZ…
Ortwein Elementary, a public school in Las Vegas, is doing the Let Grow
Experience, a free curriculum that builds student and parent agency. The
simple month…
12:01 PM • Mar 18, 2024
Please share this with anyone you know who cares about raising healthy,
independent kids.
APHORISM OF THE WEEK
❝
I am not what happened to me. I am what I choose to become.
Carl Jung
Thank you for reading.
UL is a personal and strange combination of security, tech, AI, and lots of
deeply human content. And because it’s so diverse, it’s harder for it to go
as viral as something more niche.
So if you know someone weird like us, please share it with them.
Yours,
0 responses on "UL NO. 424: Raising Security's Floor"