UL NO. 442: Crowdstrike Analysis, Cannabis=Soma?, NK Github SE, AI Weaponry 1

UL NO. 442: Crowdstrike Analysis, Cannabis=Soma?, NK Github SE, AI Weaponry 2

SECURITY | AI | MEANING
:: Unsupervised Learning is my continuous stream of original ideas,
story analysis, tooling, and mental models designed to
help humans lead successful and meaningful lives in a world full of
AI.

NOTES

Hey there!

Leigh Honeywell
@leighhoneywell

Any sufficiently bad software update is indistinguishable from a
cyberattack…

12:36 PM • Jul 19, 2024

188 Likes
53 Retweets

3 Replies

Legend post by
Leigh Honeywell
👆
Had a wonderful couple days celebrating my best bud’s birthday in
Colorado! Happy Birthday, Jason!
MORE
I did a presentation for a UN group on the future of AI and
employability, and it should be coming out soon on YouTube.
We’re doing another UL Dinner in Vegas. Stay tuned in chat for the
deets.
Mad props to all the people who had to hustle and grind this weekend
after Blue Friday 👏

Ok, let’s get to it…

MY WORK

Heads-down on the AI class, which is on the 26th, 9AM PST.
SIGN-UPS CLOSING WEDNESDAY

SECURITY

The Crowdstrike Outage — Banks, airlines, hospitals, media companies, and
tens of thousands of other businesses got hit with a global IT outage that
locked workers out of their devices. The issue was a bad update to the
Crowdstrike client, which prevented bootup and required someone to
physically interact with the machine in safe mode. |
MORE

💡It appears that this might have been the largest IT outage
ever—ironically, even bigger than Y2K, which did mostly nothing.

I’m trying to come up with lessons-learned here, but perhaps the biggest
is around PR. The CEO came out and said—basically—”Don’t worry, this isn’t
a security problem” (Paraphrasing)

Which is a really bad thing to say when the internet has been turned off.
It’s like, I don’t care what you call this thing that’s happening, but it’s definitely bad.

He later apologized fully and put out better language, but I liked my
buddy Chris Hoff’s proposed language better, which was something like, “This was not a
security attack against Crowdstrike or its customers, but an outage caused
by a bad software update.”

Another thought I had was that this would be less likely to happen if
Microsoft was performing the EDR function, because—presumably—they would
be more familiar with all the moving parts, have more integrated testing,
etc.

It just seems to me like the natural evolution here is a lot like
Defender, where the platform eventually catches up to the quality of the
standalone, and it gets less and less smart to use something not part of
the OS.

🔧A new threat actor called CrystalRay is using an open-source tool called
SSH-Snake to move laterally across networks, exfiltrate credentials, and
deploy cryptomining malware. The malware can modify itself to remain
fileless and self-propagating.
MORE

GitHub has warned developers about a social engineering campaign by the
Lazarus Group (North Korean) targeting developers in cryptocurrency,
gambling, and cybersecurity. They gain trust over time and then start
submitting malware.
MORE

Sponsor

Dropzone AI

Hey, Daniel here.

I’ve seen a thousand different AI + Security startups at this point. Most
are very early and/or theoretical. Some are pretty decent, and a few are
impressive.

But the absolute best I’ve seen so far – by far – is Dropzone.ai. They’re the only company I’ve seen that’s really mastered the agent
aspect of doing investigations.

It takes alerts from various tools and just starts working on them—just like a human would. Needs more data, goes and researches that.
Needs to find some context? It goes and gets that.

So by the end you have a fully documented set of steps that were taken
to research an alert, and a conclusion on whether or not it was
malicious—all with full documentation.

I’m so impressed with it that I’m now an advisor as well.

dropzone.ai/request-a-demo

GET A DEMO

Palmer Luckey, the guy who created Oculus, is now making AI weapons for
Ukraine through his company Anduril. He started Anduril to build AI-driven
weapons like drones and submarines, which are now being used by the Pentagon
and sent to Ukraine.
MORE

China is installing record amounts of solar and wind energy, adding 10
gigawatts of wind and solar capacity every two weeks, which is like building
five large nuclear power plants weekly. This really makes me mad. I want the
US to do this, and more.
MORE

Iran and China are increasing their foreign influence efforts, using social
media to stoke discord and promote anti-U.S. narratives. Google blocked over
10,000 instances of Chinese influence activity in Q1 2024 alone.
MORE

Sponsor

Discover, secure and govern genAI use

Nudge Security discovers all genAI accounts ever created by anyone in
your org, in minutes. No agents, browser plug-ins, or prior knowledge of
an app required.

Within minutes of starting a free trial, you’ll have a full inventory of all genAI accounts and security
profiles for each provider to help you vet new or unfamiliar apps.

Get your free genAI inventory today.

nudgesecurity.com/use-cases/mitigate-ai-risks

Free Trial

The U.S. Department of Justice seized two domains and searched nearly 1,000
social media accounts used by Russian actors to spread pro-Kremlin
disinformation.
MORE

Cloudflare says nearly 7% of all internet traffic is malicious, with DDoS
attacks making up over 37% of all mitigated traffic. In Q1 2024 alone, they
blocked 4.5 million unique DDoS attacks, and the sophistication of these
attacks is increasing.
MORE

UK police arrested a 17-year-old suspected of being part of the Scattered
Spider hacking group and involved in the 2023 MGM Resorts ransomware attack.
AKA: The reason DEFCON is way further North in Vegas this year.
MORE

AI / TECH

Realtime Video Transcription With Timestamps (Whisper Diarization)
MORE

Beijing’s support has seen China make up ground in the AI race, but it has
also handcuffed AI companies with some of the world’s tightest restrictions,
many of them political. This dual approach could end up stifling innovation
in the long run.
MORE

💡I think barring them stealing some pinnacle AI tech that gets them
advanced AGI or ASI, their model will ultimately hurt them for two
reasons:

When you have to filter everything, you just move slower.
The people who want to move fastest will leave China for the US /
Canada / EU.

Kaiser Permanente is using AI, wearables, and other tech to bring healthcare
directly to patients. Very AI-forward approach from them. I like it.
MORE

Sam Altman revealed that OpenAI’s Voice Mode alpha release is coming later
this month.

💡I’m with my bud Matthew Berman on this one:

MatthewBerman
@MatthewBerman

Let’s de-normalize companies demo’ing products earlier than 3 months
before release.

* Microsoft: Recall
* Apple: Intelligence
* OpenAI: Sora AND
GPT4o Voice

Who else should be called out?

8:25 PM • Jul 20, 2024

354 Likes
30 Retweets

66 Replies

Andrej Karpathy is launching Eureka Labs to create AI teaching assistants
for education. The startup aims to leverage generative AI to help students
through course materials, starting with an AI course called LLM101n.
MORE

Google has launched its Project Oscar, an open-source platform that
enables development teams to create AI agents that monitor issues, manage
bugs, and handle various aspects of the software lifecycle—all through
natural language interactions.
MORE

Omega’s AI Will Map How Olympic Athletes Win — Omega is using AI to map out
how Olympic athletes win by analyzing their full performance, not just the
start and finish times. This includes using motion sensors on athletes’
clothing to capture every detail of their movements.
MORE

The U.S. is thinking about new trade restrictions that could stop Nvidia
from selling its HGX-H20 AI GPUs to China, which might cost Nvidia around
$12 billion in revenue.
MORE

💡This would hurt me in the stocks for sure, but I’m thinking that’d be
temporary. Hopefully. ← Not financial advice.

Beijing scientists have developed the world’s smallest and lightest
solar-powered drone, weighing just 4.21g with a 200mm wingspan. It can fly
non-stop during daylight thanks to its electrostatic motor, which is
200-300% more efficient than traditional electromagnetic motors. I wants it.
MORE

A Florida (it’s either Florida man or DNS) man got arrested for shooting
down a Walmart delivery drone, claiming it was spying on him. Shooting at
drones is treated as a felony, similar to firing at a passenger aircraft,
with penalties up to 20 years in prison.
MORE

Waymo Wants to Bring Robotaxis to SFO — Waymo is pushing to get approval for
robotaxi pickups and drop-offs at San Francisco International Airport.
MORE

Microsoft Lays Off DEI Team — Microsoft laid off its diversity, equity, and
inclusion team, saying DEI is “no longer business critical.”
MORE

Andreessen Horowitz argues that bad government policies are now the biggest
threat to tech startups, which they call “Little Tech.” They believe
American technology supremacy depends on these startups and that the
government should support them rather than favoring big incumbents.
MORE

Google is shutting down its URL shortening service, so any links created
with it will stop working. If you have any important links using this
service, you’ll need to update them soon.
MORE

💡I’m pretty sure Google will soon sell YouTube to Johnson & Johnson
and GMail to Luxotica, and then go full speed into the “wtf are we doing”
business.

It’s the single most perplexing business I’ve ever seen.

They were first on GenAI. They wrote the paper. And now they’re
completely lapped by not just OpenAI but Anthropic as well. How are you in
like 5th place when you have all the people and all the money?

They’re like the opposite of Cloudflare, which does small things really
well that add up. Google is slowly getting rid of all the best things it
has.

The main thing Google is growing is its graveyard.

Such a colossal waste of money and talent. Their failures should be
studied for centuries as an example of what happens when you don’t lead
with UX-focused product management, rather than “throw shit at
wall”-focused engineering.

HUMANS

Iran-backed Houthi rebels say they were behind a drone attack on Tel Aviv
that killed one person and injured several others.
MORE

USA Household Income Distribution by State — A Reddit user shared a detailed
visualization of household income distribution across different states in
the USA.
MORE

A new meta-analysis shows that toothbrushing can significantly reduce
hospital-acquired pneumonia (HAP) in ICU patients. This simple intervention
could lead to 17,000 fewer deaths each year from ventilator-associated
pneumonia (VAP).
MORE

Young Adulthood Is No Longer One of Life’s Happiest Times — Research shows
that young adulthood is now one of the most unhappy times in life, with a
significant rise in despair among young people, especially women aged 18 to
25.
MORE

Most of Gen Z Using TikTok for Health Advice — A new survey found that 56%
of Gen Z are using TikTok for wellness, diet, and fitness advice, with 34%
relying on it as their main source of health information.
MORE

Ask HN: Every day feels like prison — A mid-thirties guy in tech feels
trapped in a 9-5 job he no longer cares about and is struggling to build a
business on the side. Despite making major life changes, he still feels
stuck and unhappy, fearing this might be his life for the next 30-40 years.
MORE

Read the full newsletter online

IDEAS

Sam Altman is simultaneously building AGI and doing big studies on UBI. It’s
super obvious what he’s doing, and I think it’s mostly the right thing.

I mean, all you have to believe for this to be a good thing is that:

AGI will remove a lot of jobs
People will need money to survive while they figure out what else to do

And I think those are really safe bets.

ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 📚☕️🗣️
@DanielMiessler

What if Cannabis is Soma from Brave New World?

– Makes people comfortable with mediocrity
– Makes people more
accepting of whatever they’re handed
– Makes people less likely to
change their situation

And legalization is happening coincident with the rise of AI.

9:59 PM • Jul 21, 2024

22 Likes
2 Retweets

6 Replies

ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 📚☕️🗣️
@DanielMiessler

Conspiracy culture is getting stupid at this point.

Troubled kid shoots Trump, just like a thousand other shootings. A team
did a bad job protecting him. Just like a thousand other bad jobs that
were done that day.

-> Must be Deepstate

An old and declining candidate is… x.com/i/web/status/1…

7:21 PM • Jul 21, 2024

26 Likes
2 Retweets

5 Replies

ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 📚☕️🗣️
@DanielMiessler

One of the security applications of AI I’m most excited about is its use
on currently intractable problems.

– Vendor management
– Supply chain management
– Threat
modeling software dependencies

Let me explain…

7:51 AM • Jul 19, 2024

18 Likes
2 Retweets

3 Replies

ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 📚☕️🗣️
@DanielMiessler

The future of security and risk management is to have them disappear
into SOPs (Standard Operating Procedures).

A flight checklist and a skyscraper building plan don’t have “stay in
sky” or “don’t fall down” sections.

It’s just a process. A process with those lessons built in.

5:55 AM • Jul 18, 2024

11 Likes
4 Retweets

3 Replies

ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 📚☕️🗣️
@DanielMiessler

Hmm. I’ll be watching this closely. 👀

Macro Flaneur @macroflaneur

The grey tribe of Silicon Valley is making a bid to take over the US

Vance is Thiel’s man. Musk and Andreeseen Horowitz are backing him. He
will be the nominee in 4 years

An admin. steered by Thiel and Musk right when AGI is due and Starship
goes to Mars. Incredible timeline

3:24 AM • Jul 17, 2024

10 Likes
1 Retweet

1 Reply

DISCOVERY

Llema — A new recon/security tool that runs via Llamda in your browser.
MORE

Respotter — A honeypot for Responder that tricks attackers into revealing
their presence. | by
C.J. May
|
MORE

Exo — Run your own AI cluster at home on everyday devices. | by
ExoLabs
|
MORE

Why Aren’t We Using SSH for Everything? | by
Shazow
|
MORE

Gray Swan AI — Specializes in AI safety and security tools to assess and
safeguard AI deployments. | by
Gray Swan AI
|
MORE

Costco’s Apocalypse Bucket — Costco is selling a 25-year shelf-life
emergency food kit called the “apocalypse bucket” for $79.99. It includes
150 freeze-dried and dehydrated meal servings, ranging from teriyaki rice to
apple cinnamon cereal.
MORE

RECOMMENDATION OF THE WEEK

Don’t ask what someone’s politics are. Ask them what their ideal world looks
like, including questions like these:

Are there multiple religions?
Are there multiple ethnic groups?
Are people free to love whoever they want?
Do they all live together?
Who are the most famous people in that world?
Who gets paid the least?
Who gets paid the most?
What happens to someone if they’re truly disabled and can’t work?
What happens to someone if they’re too lazy to work?
What happens to someone who is addicted to drugs?

I think many of our disagreements are about how and not what. I know a lot
of people who support Trump, for example, who would say:

You can be gay
There can be other religions
All the ethnic groups should live together
There should be a social safety net
Etc.

So if you are on the left, and you hear someone on the right say those
things, that’s an opportunity for a REAL conversation. A conversation about
how. Not what. And vice versa.

Bottom line: I think we all in the roughly 80% center agree about a lot
more than it feels like right now.

As we go into this election cycle, try to use this exercise to realize this
with more people.