SECURITY |
AI |
PURPOSE
UNSUPERVISED LEARNING
is a newsletter about upgrading to thrive in a world full of AI.
It’s original ideas, analysis, mental models, frameworks, and tooling to
prepare you for the world that’s coming.

TOC

• SECURITY

• AI / TECH

• HUMANS

• IDEAS

• DISCOVERY

• RECOMMENDATION OF THE WEEK

• APHORISM OF THE WEEK

Hey there!

• Had a great conversation with Rob Allen from
  ThreatLocker
  about their Zero Trust approach: deny-by-default, dynamic ACLs, and
  blocking ransomware at every stage.

A Conversation with Rob Allen from ThreatLocker

The UL Black Friday Membership window is now open.
GET IT

 UL Membership Black Friday Sale 

It’s time for turkey and cranberry sauce again, which means it’s also
time for a Black Friday Sale of 20% off the first year of UL Membership.

Here’s what members get:

• Access to the smartest, most curious, and KINDEST community out there

• Direct access to Daniel and hundreds of security and AI
  professionals

• Exclusive Member-Only content

• Access to the UL Book Club, which has run monthly since 2017!

• Access to our Mid-month Meetups, where we discuss career / life

• DEEP discounts on paid courses and products

Best of all is the people.
It’s seriously the best community I’ve ever been a part of.

“Daniel has created a place for civil discussion in a world that
frequently prefers argument over discussion.”

– Ben Collins

Use coupon code BLACKFRIDAY20

Join Our Community of the Kind and Curious

   

• Upgraded all my Ubiquiti gear and am making progress towards a 10Gbit
  world.

• Heading to Saudi soon to speak at Blackhat MEA!

SECURITY

This one didn’t get nearly enough coverage last week.
ChatGPT has a new feature that can read code from MacOS apps like VS
Code, Xcode, and Terminal, making it easier for people to use AI in a live way without copy-pasting.
The new feature called, “Work with Apps,” uses MacOS’s Accessibility API to
read text right from your screen.
MORE 

This is getting closer to what some other startups are working on, where
they’re watching your screen and AI is operating on it. That functionality
scares the crap out of me, though, so I’m only likely to use it with Apple
and maybe Google if they haven an option to turn off the data harvesting /
ads stuff.

For startups, I’m really worried about them getting all this data and
then getting compromised. I see it as a virtual inevitability. I really
only trust a handful of companies (mostly just Apple, actually) with this
much—and this level—of data.

Something—or some one—has cut the data cable between Finland and Germany.
Finland’s internet access is currently routed through Sweden. Many are
assuming shenanigans.
MORE 

Sponsor

Are genAI tools integrated with your other apps?

Nudge Security discovers all genAI accounts ever created by anyone in your org, as well as the OAuth grants that enable data-sharing across apps.

Start a free trial to:

• Discover all genAI tools ever used in your org

• See all users, authentication methods, and OAuth grants

• Get alerted of new genAI tools or integrations

• Vet unfamiliar tools with security profiles for each provider

nudgesecurity.com/use-cases/ai-security

Try it Now

   

Palo Alto Networks has released Indicators of Compromise (IoCs) for a new
zero-day vulnerability affecting their firewalls. MORE 

VMware confirmed that threat actors are exploiting two vCenter Server
vulnerabilities, CVE-2024-38812 and CVE-2024-38813, which were first
disclosed at the 2024 Matrix Cup hacking competition. MORE 

Sponsor

Build a Cybersecurity Awareness Program That Works

Learn how Goodwin Motor Group crafted a successful cybersecurity culture that engages everyone—from execs to frontline staff. Discover actionable tips
for creating compelling training, sustaining participation, and proving program ROI, shared by the champions behind this thriving program.

my.demio.com

Reserve My Spot

   

Continue reading online to avoid the email cutoff

AI / TECH

Anthropic has a new Prompt Improver, that takes a given prompt and writes a
better one. This is an example of ecosystem improvement I’ve been talking
about.
MORE

OpenAI might launch an “AI agent” tool called “Operator” in January.
Operator will compete with Anthropic’s “Computer Use” and Google’s rumored
agent.
MORE 

I’m anticipating that in 2025 the biggest thing in AI will be the maturation of Agents.
They started getting decent in 2024, next year they’ll get mature
enough—and integrated enough—for real-world use cases.

The models will get smarter, but I think most of the benefit will be in the tooling and ecosystems around the models—not the models themselves.

For agents, it’s helpful to remember what the actual milestone is, which
is pretty simple to track.

• Constant monitoring of audio, video, text of everything you’re
  doing

• That means cameras and microphones on your body

• And full monitoring of the screens and I/O of your
  devices/computers

This is what’s going to feed your personal and work DAs with the full
context it needs to serve you best. And that’s what all these efforts will eventually push towards, even if they’re not doing so yet.

Sam Altman and Arianna Huffington’s Thrive AI Health is an AI assistant that
aims to offer personalized advice on sleep, food, fitness, and more.
MORE 

Google.org
is putting $20 million in cash and $2 million in cloud credits into a new
initiative to help researchers use AI for scientific breakthroughs. MORE

Apple’s M4 Max CPU transcribes audio twice as fast as Nvidia’s RTX A5000 GPU
while using significantly less power. In a user test, the M4 Max completed
an audio transcode in 2:29 minutes using Whisper V3 Turbo, consuming just 25
watts, compared to the RTX A5000’s 4:33 minutes and 190 watts.
MORE 

Really want one of these, but can’t justify it yet. The real question is
whether our next AI rigs should be a cluster of Mac Mini’s, or a standard
big beefy NVIDIA-based box.

I’m thinking it might be big box for the next one, and then the one after
that is probably some other architecture we can’t see yet? Or perhaps an
Exolab cluster of Apple-based systems?

iOS 18.2’s Music Recognition feature now logs where you were when you heard
a song. This new “Musical Memories” feature geotags songs, so you can
remember the exact location you discovered them.
MORE 

HUMANS

Pharma stocks have crashed due to RFK Jr. taking over Health and Human
Services. Moderna is down close to 40%, and other stocks are suffering in a
similar way. Not sure how this isn’t a buy opportunity, though. I don’t see
how most people (and RFK) don’t figure out how to tell the difference
between good and bad stuff these companies are doing.
MORE 

Netflix hit a record 65 million concurrent streams during the Mike Tyson vs.
Jake Paul fight, reaching 60 million households worldwide. But there were
over 100,000 complaints about buffering and connection problems.
MORE 

A new study shows that treating bullying as a collective issue rather than
an individual one can significantly reduce its occurrence in primary
schools. The approach involves engaging the entire school community,
including teachers, students, and parents, to address and prevent bullying.
MORE 

I love this concept, which reminds me of how some countries handle
prostitution by going after the buyers rather than the sellers. It’s an
economics way of looking at a whole system, and not just the obvious
place.

With bullying, I think what needs to happen is some level of shaming of
the kids who see it happen and do nothing about it, e.g., intervening,
telling adults, etc.

IDEAS

RebootAI — An Offline AI Oracle for Emergencies
I want to build
a local AI that can run offline in bad situations like earthquakes, meteor
strikes, and any other scenario where we might have power (like from solar),
but no internet. So the idea is that I want something I can ask how to do
anything!
Tourniquets, sterilizing water, building shelters, identifying edible
plants, etc. So ideally this would be both text and image capable, and just as
resilient an implementation as possible.

Who wants to help me build it? Or does anyone know of one already out there?
Even better if it’s its own standalone box, and you can just update the
model used every once in a while.

DISCOVERY

Cloudflare’s robots.txt file is a mix of ASCII art and
directives for web crawlers. It allows Twitterbot and
DemandbaseWebsitePreview to access specific language pages, but blocks many
others from accessing various parts of the site, like search results and
feedback pages.
MORE 

Managing High Performers — A guide on how to effectively manage
high-performing employees. It covers strategies for keeping them motivated,
providing the right challenges, and ensuring they feel valued within the
organization.
MORE 

Ian’s Secure Shoelace Knot is the best shoelace knot I know of. I actually
tie this for my sneakers and mostly leave them that way and slip them on and
off.
MORE 

RECOMMENDATION OF THE WEEK

1. Check out the Aphorism of the Week below.

2. Focus your efforts on being flexible after wrong notes, as opposed to
   being able to play perfect notes all the time.

2025 and the next few years are likely to be so crazy that we won’t be able
to plan or play the right notes.

But what we can get good at doing is
adapting once the wrong note is played.

APHORISM OF THE WEEK

❝  

If you hit a wrong note, it’s the next note you play that determines if it’s
good or bad.

  Miles Davis

Thank you for reading. Please forward to a friend and/or share on socials to
help support the work.

Daniel