UL NO. 426: Unveiling XZ, AI Monitoring, Investigative Visualizations with Fabric…

Continue reading online to avoid the email cutoff issue

Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to
thrive as humans in a world that’s changing faster than ever. It combines
original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.

TOC

• MY WORK

• SECURITY

• TECHNOLOGY

• HUMANS

• IDEAS & ANALYSIS

• NOTES

• DISCOVERY

• RECOMMENDATION OF THE WEEK

• APHORISM OF THE WEEK

Hey there,

Ok, probably the coolest thing I’ve seen this week is this video of
Chris Cappetta
having deep philosophical conversations with custom AI’s based on
Anthropic’s Claude.

Conversations with Claude #3 – Exploring Morality – Tuned instructions and
open-sourced code

I watched almost an hour of these conversations (he’s on video #3 already)
and I was blown away by the quality of the AI’s responses. I mean, I
think the answers were nearly perfect about
meaning, self, morality, and free will. Like, they’re very similar to
answers I, or Sam Harris, or my ideal philosophy professor would give if we
were given an hour to write each response. Just unbelievable.
Highly recommend this video.
WATCH IT

Ok, let’s get to it…

MY WORK

My new essay on why it’s often so frustrating to be in security.

Efficient Security Principle (ESP)

A way of explaining why security’s baseline is so low in places, and why
it’s so hard to raise

danielmiessler.com/p/efficient-security-principle

Here’s a new video on how to create custom patterns in Fabric, i.e.,
patterns that
only you can run and that aren’t shared with the project.
WATCH THE VIDEO

How to Create Custom Fabric Patterns

The
YouTube channel
is going decently well after just a few videos.
Please take 14 microseconds and go hit the subscribe button. It saves
kittens.
SUBSCRIBE

SECURITY

The most interesting story this week has to be the XZ situation. So insane.
Here’s
my favorite write-up of the whole thing. (HT Joseph Thacker). I’m trying to figure out what I find so interesting
about it, and here’s what I’ve come up with:

1. It’s movie shit

2. Pre-meditated

3. The attacker with kindness, plays the long game

4. The attacker eventually takes over the project just via attrition

5. They’re still patient

6. Very technical hack of a related library to ssh, but not it directly

7. The submitted code was obfuscated too, and would have been hard to find

8. And then, complete heroism / luck on finding it so soon

I love the jokes about us being lucky that this was the only one, and we
caught it. . Also

You probably couldn’t guess this, but I’m going to talk about how AI can
help here.

So one of the subsystems of my massive Human 3.0 project is going to be
continuous monitoring engines for tons of stuff.

• Voting records compared to lobbying donations

• Watching meteors so we don’t miss one

• Finding vulns in OSS and submitting fixes or hitting up the devs

• Tracking propaganda / viral content and doing OSINT on the people
  using it

That’s one of my favorite ones. And I love the idea of being able to look up
an OSINT profile on anyone who’s submitting code. Imagine comparing:

• Username / email

• How many commits

• Reactions to their commits

• Analysis of trends

• Seeing if they ever went rogue

You could do this not just for coding, but for gamers regarding cheating,
politicians with regard to affiliations and influence, and tons of other
stuff.

Basically, AI will give us the ability to continuously monitor activity that
today doesn’t happen because it’s too resource-intensive. But AI doesn’t get
tired. It never sleeps. It can just monitor and alert.

This is one of the things I’m most excited about building and see others
build.

—

Related to that, check this out:

create_investigation_visualization MORE

This is a new pattern we just added to Fabric that—um—creates a
visualization of an investigation.

So my buddy
John Hammond just did a video about a hack of an Apex Legends
tournament, and he walked through investigative work that he and some other folks did
throughout like a 20-minute video.

Well, this pattern turns investigations like that into conceptual timelines!
Here’s the one for his work on that story:

Hammond’s investigation of the hack. Click to enhance.

I showed a buddy that and he sent me the new
massive investigation on Havana Syndrome
done by Insider.
This is the potential energy weapon campaign that’s been being waged
against high-level US officials for years now.
The investigation is super elaborate but so big it’s hard to wrap your head
around. Here’s what Fabric produced for that one!

Insider’s Havana Syndrome Investigation. Click to enhance.

And you can basically send ANY investigation or research or timeline into
this thing, and it’ll do its best to piece it together visually.
CHECK OUT THE PATTERN

Sponsor

Enhance Enterprise Security: Trust Every Device with Kolide!

What do you call an endpoint security product that works perfectly but
makes users miserable? A failure. The old approach to endpoint security is
to lock down employee devices and roll out changes through forced
restarts, but it just. Doesn’t. Work.

IT is miserable because they’ve got a mountain of support tickets,
employees start using personal devices just to get their work done, and
executives opt out the first time it makes them late for a meeting. You
can’t have a successful security implementation unless you work with end users. That’s where Kolide comes in.

Kolide’s user-first device trust solution notifies users as soon as it detects an issue on their device, and teaches them how to solve it without needing help from IT. That
way, untrusted devices are blocked from authenticating, but users don’t stay blocked.

Kolide
is designed for companies with Okta and it works on macOS, Windows, Linux,
and mobile devices.

So if you have Okta and you’re looking for a device trust solution that
respects your team, visit kolide.com/unsupervisedlearning to watch a demo and see how it works.

 kolide.com/unsupervisedlearning

Watch a Demo

   

iPhone users are getting bombarded with legit-looking Apple ID reset
notifications in a new phishing scam called “push bombing.”
MORE

My buddy just headed over to work at this vendor Dazz, and it turns out
they’re a sponsor this week, which came in completely separately. Pretty
excited about what they’re doing, might talk to them about advising. Check
it out.

Sponsor

Application Security Posture Management (ASPM) For Dummies

According to Gartner, 40% of security teams will have an ASPM solution in place by 2026 to unify security remediation and fully arm themselves against evolving threats. Do you know your ASPM ABC’s? Consider this your crash course on unifying security visibility across code-to-cloud environments, easily detecting root causes & owners, and quickly prioritizing and
remediating issues.

 dazz.io/lp/application-security-posture-management-aspm-for-dummies

Get the Guide!

   

AT&T just admitted that the data they said didn’t come from their
systems was a real thing, but they said it was old. It affected around 72
million people. | RESPONSE: Passcodes reset for affected customers. |
MORE

NYC is rolling out AI gun detectors in subways, but there’s a history of
pretty bad results up til now.
MORE

Police are now using GPS darts to tag and track fleeing cars, making
high-speed chases a thing of the past.
MORE

Continue reading online to avoid the email cutoff issue

TECHNOLOGY

Every US federal agency is now mandated to appoint a chief AI officer to
ensure the responsible use of AI technologies.
MORE

Databricks and Mosaic’s collaboration on a 132B parameter MoE model
showcases a significant leap in AI performance. Can’t wait to play with this
one.
MORE

One thing I don’t think is intuitive about AI progress is that the battle
of local vs. pinnacle won’t always look the same.

There’s might be a bar of quality beyond which it doesn’t matter how much
smarter or more capable the thing is. And I think local models are going
to hit that—for most people—for most tasks—before too long. Like for daily
and common tasks.

Like once you have an EA with a 120 IQ that has full access to everything
in your life and takes care of you 24/7, how much will it matter if GPT-6
can make you a better one with a 145 IQ?

Maybe I’m wrong there, and you just keep getting more and more returns,
or maybe EA is a bad example because they really are the brain of your
life. But I think there are lots of types of tasks where you don’t get
that much more benefit from a fleet of AIs performing most life tasks at
like a 120 IQ level.

And I don’t think we’re far from that with local models? My point is that
common tasks for humans aren’t likely to change much. Nor are our
expectations of quality for those tasks (this I’m less sure about).

So what happens when good enough gets hit for most situations? Does it
just become a question of getting that level of model into toilet brushes
and baby seats and wallpaint?

Microsoft and OpenAI are eyeing a $100 billion project for an AI
supercomputer, dubbed “Stargate”, that could redefine computing power.
MORE

OpenAI’s Voice Engine can mimic someone’s voice from just a 15-second
sample, opening up new possibilities and ethical questions.
MORE

I don’t get this announcement timing. It’s 2024. Why release this? And
even better, why release it and then not have a release?

Maybe it was just a public service announcement to be careful of voice
deepfakes? Kind of has that vibe at the end of the blog.

Alaska’s Fairbanks airport is deploying a headless, dog-sized robot
camouflaged as a coyote to scare off birds and wildlife.
MORE

In this piece, an engineering manager argues their own role shouldn’t exist,
claiming it’s a mishmash of tasks done poorly. Love these kinds of
write-ups.
MORE

U.S. tech giants are now eyeing Mexico for AI gear production, moving away
from China. Yes please.
MORE

EV owners are finding out the hard way that their vehicles chew through
tires much faster than expected, often without prior warning. Is this
because of increased torque? I should just ask AI, pretty sure the answer is
yes.
MORE

X, formerly known as Twitter, is exploring NSFW Communities for adult
content sharing, a move that could reshape its engagement with online sex
workers.
MORE

Continue reading online to avoid the email cutoff issue

HUMANS

The Philippines is preparing for countermeasures against China’s coastguard,
signaling a possible escalation in their maritime tensions.
MORE

Despite the pandemic’s initial hit, we’re witnessing a roaring 2020s with
record highs in net worth, stock market, and housing prices. This always
trips me out and makes me sense danger when you have such weird asymmetries
in how things are going.
MORE

U.S. literacy has plummeted to 79% from 96% in the late ’80s, costing the
country up to $2.2 trillion annually. Seriously? Tracking nicely with
vaccination rates.
MORE

Vinyl records have not only outsold CDs for the second consecutive year but
also made over twice as much money.
MORE

Florida just made it a law that kids under 14 need parental consent to have
social media accounts.
MORE

Chronic absenteeism in U.S. schools has surged post-pandemic, affecting
students across all demographics with no easy fix in sight.
MORE

Has it surged in immigrant households where the parents massively value
education? Where the parents are extremely adamant about pushing
self-discipline in their kids.

I doubt it.

I’m starting to thing the absolute biggest divide in upbringing,
achievement, and outcomes comes down to the mindset given by parents. It’s
a type of privilege for sure, but not like the word is being thought of
today.

More to come on this because I got the idea from Dr. Kennedy on
Huberman’s podcast recently. The idea is that you have to teach your kids
how to get good at doing things that they don’t like, and make them
uncomfortable.

This might be THE superpower. And it might be one of the things kids have
lost the most in the last 10-30 years. I’ll continue reading on this, but
if you have any supporting or opposing data let me know.

Silicon nanospikes are shredding 96% of viruses on contact.
MORE

Martin Scorsese is a secret VHS hoarder, amassing over 4,400 tapes of
broadcasted content over decades.
MORE

Finland’s been crowned the happiest country for the seventh year, despite
its past high suicide rates and current geopolitical tensions.
MORE

A new paper says your financial health might be influencing your brain’s
wiring and how sharp you stay as you age.
MORE

Nearly half of all single-family homes bought in 2023 were snagged by
private investors, says Washington Times.
MORE

Continue reading online to avoid the email cutoff issue

IDEAS & ANALYSIS

Why 3 Body Problem Is So Good (and why so many other things suck)

I think I figured out why 3 Body Problem is such a great TV
show.

First, it’s based on great books. I’m not sure how closely it’s following
the books because I read them a long time ago, but the point is that they do
have good content to go off of.

But I think I figured out the main ingredient this show has that so many
others don’t: authenticity—or, in other words, adherence to a cold
reality.

Conversely, I think the biggest problem with most shows and movies today is
that they aren’t there to show you something real. They’re there to create a
franchise with lots of staying power and spinoffs and sequels. And as a
result, you hardly ever see anyone you care about die. Truly bad things
hardly ever happen. Or at least that the viewer cares about.

Marvel is a great example. How many core characters have died after dozens
of movies? How many stayed dead? Now think about how many regular people
died. Millions? Billions? Do you ever remember caring about that? They have
thousands of people dying in scenes and the cast is barely struggling in the
fight, and they’re cracking jokes and posing the whole time.

3 Body Problem is great for the same reason Game of Thrones was so good in
the early books and movies. You didn’t know what was going to happen, but
you did know two things.

1. The world is dangerous.

2. Because the world is dangerous, any character you care about could die
   at any moment.

3 Body Problem is good because it’s real. Real danger. Real characters. And
uncertainty. It’s authentic. True to life. But with creativity and fiction
added on top, of course.

Anyway, you should check it out. It’s good. And if you like it, maybe you’ll
agree that this is why.

NOTES

Feeling strange about this new talk I’m doing. It’s quite personal. Not in
that it’s about me, but it’s about something I’m very passionate about, and
I’m going to be trying to convey that passion to others. Feels vulnerable,
but authentic. Can’t wait to see if it’s accepted well or if I’ll need to go
back to a more classical style.

DISCOVERY

Tracecat is an AI-native, open-source rival to Tines and Splunk SOAR. |
by
tracecatai |
MORE

Centerpiece turns your search bar into a supercharged launcher for just
about anything on Wayland. | by
friedow |
MORE

Metaview’s AI tool revolutionizes hiring by recording, analyzing, and
summarizing job interviews, letting managers focus on candidates, not notes.
| by
Kyle Wiggers |
MORE

Composio is crafting tools to empower AI Agents, seamlessly meshing with
crewAI for a smarter integration. | by
Soham Ganatra and
Karan Vaidya |
MORE

Edgar lets you simulate building a Dyson Swarm, turning sci-fi into
interactive fun. | by
HackerNewsX |
MORE

Someone just scraped the entirety of OpenAI’s Community Forum, and it’s a
goldmine of insights.
MORE

Yohei Nakajima
discovered an AI that can list, read, and answer questions about its own
code. Sick project.
MORE

Emmett Shear
suggests learning parenting from the parents of people you admire.
MORE

Moxie Marlinspike
says working on OSS projects is like working with everyone who ever applied
to your company. lol.
MORE

In a world overflowing with content, we’re facing a crisis of quality, not
quantity.
MORE

RECOMMENDATION OF THE WEEK

Check out
the video above of the guy talking philosophy and ethics with an
AI. It’s stunning. And then, given whatever you feel about AI, ask yourself a
few questions:

1. What does it mean for an AI to be that good at those conversations?

2. How much does it matter if it’s completely “fake”?

3. What does it even mean for that conversation to be “fake” if it’s that
   good?

4. At what point does it become uncomfortably similar to us? I mean we’re
   moist robots, right? What if we’re doing a very similar thing when we
   answer questions to what that AI is doing?

5. Where does that leave us?

Let me know your thoughts.
EMAIL ME

APHORISM OF THE WEEK

❝  

It does not matter what you bear, but how you bear it.

  Seneca  

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of
deeply human content. And because it’s so diverse, it’s harder for it to go
as viral as something more niche.

So if you know someone weird like us, please share it with them.  

Share UL with someone like us…

Yours,