
Unsupervised Learning Newsletter No. 292

 MEMBER EDITION 
| Episode 292 | Monday: August 2, 2021

SECURITY NEWS

 

NSA has released new guidance on how to securely use wireless devices in
public places. I have to say it feels pretty remarkable to see the
government—any government—putting out good content like this.
More

The FBI has revealed the top targeted vulnerabilities of the
last two years. The top ones were Citrix, Pulse, Fortinet, F5, and
MobileIron.
More

After 10 years, Google’s Vulnerability Rewards Program has
rewarded 2,022 researchers with around $29 million in payouts. They’re now
launching a new platform at bughunters.google.com. The new program comes
closer to unifying bug submission across all of their products, better
interaction mechanisms, an improved leaderboard, swag, and other
improvements.
More

The creators of PunkSpider are facing scrutiny because they
plan to release a new version of their tool at DEFCON next weekend. The tool
basically scans the internet’s websites and finds and publishes web
vulnerabilities for everyone to see, including allowing people to search the
results. The argument against this is that it’ll give attackers a chance to
hit targets before victims have a chance to fix the issues. The argument for
this is that they could do that already by running their own tools, and that
the best way to apply pressure to fix things is to make them public.
Disinfectant through illumination, basically. There will be lots of gnashing
of teeth on the Twitters I’m sure.
More

BlackMatter is a new ransomware gang that claims to be made up
of the remnants of DarkSide and REvil. Their MO is to find people who
already have access and offer them $100,000 for that access, assuming they
have a substantial foothold and the target is in the US, UK, Canada, or
Australia.
More

Over 100 warship locations have been spoofed in the last year,
and there’s speculation that it could be part of a campaign to create a
conflict based on mistaken identity.
More

Vulnerabilities:

  • A number of malicious typosquatted Python libraries have been found on
    PyPI.
    More

Incidents:

  • UCSD Health says they lost personal information in a data breach
    involving employee email accounts.
    More

Companies:

  • Cyber Asset Management Platform Noetic launches with $20 million in
    funding. They use APIs and graph databases to track assets both in the
    cloud and on-prem.
    More

  • At-Bay raises $185 million to do cyber insurance.
    More

  • ActiveFence comes out of stealth with $100 million in funding to detect
    online harm such as abuse, disinformation, and fraud.
    More


TECHNOLOGY NEWS

 

Facebook’s next big product is going to be Ray-Ban Smart Glasses. Honestly
really excited to see what they release, even if all they do is add
competition to the AR space. AR can’t get here fast enough for me, and I
love that Facebook, Magic Leap?, Snap, and others are all playing in this
space.
More

The Wall Street Journal did an in-depth analysis of TikTok’s
algorithm and how it’s so good at figuring out what you like. The short
version is that one metric matters more than all the others: Linger Time.
“Every second you hesitate or rewatch, the app is tracking you. Through this
one powerful signal, TikTok learns your most hidden interests and emotions,
and drives you deep into rabbit holes of content that are hard to escape.”
More More

Shopify is allowing merchants to sell NFTs through their
storefronts.
More

Apple’s chip supplier, TSMC, is preparing its 2nm product for
2024.
More

Cloudflare says AWS is charging way too much for egress
traffic.
More

Tesla passes $1 billion in quarterly profit after shipping more
cars than ever.
More

Apple’s profits nearly doubled last quarter, and iPhone sales
jumped 50%.
More

Companies:

  • Square is buying Afterpay, a “buy now, pay later” service out
    of Australia, for $29 billion in stock.
    More

  • Twitter is closing its SF and NY offices just a couple weeks after
    re-opening them.
    More


HUMAN NEWS

 

Just 6 companies—GE, NewsCorp, Disney, Viacom, Time Warner, and CBS—control
90% of US media. In 2011 it was 50 companies.
More

Business Insider says Amazon employs 1 out of every 153
American workers. That’s a Neuromancer Metric if I’ve ever seen one.
More

Companies:

  • Hello Divorce raises $2 million to make it easier to get a divorce.
    More


CONTENT, IDEAS & ANALYSIS

 

Everything is K-Shaped Right Now — Much of our society is splitting
into upwards and downwards strokes, across multiple dimensions.
More

Simone Biles Pulling Out — I’ve seen a lot of ideas
about this in various places and wanted to comment real quick. Essentially,
I’m torn. On the one hand I say, “No Excuses!”, because when you represent a
country you basically have a job, and it’s a job that’s a lot more like the
military than most jobs. One can view sport as a proxy for war, and it’s
generally unacceptable to just walk away in either sport or combat when you
don’t feel like continuing. That’s one side. The other side says 2021 gets a
full pass. 2020 wasn’t normal. 2021 isn’t normal either. And this Olympics
probably shouldn’t have happened in the first place. Everyone is still
massively stressed due to a century-level event, which, by the way, we still
haven’t seen the end of. So, I think you can give anyone a pass right now.
And if anyone deserves a pass, it’s her. Hasn’t she done more than enough
for the US already? I think so. The way we know this was an extraordinary
circumstance is that it happened at all. She’s not a quitter. Quitters don’t
have that many gold medals.

Where Am I On PunkSpider?
Where am I on tools like PunkSpider? I’m not sure, actually, but I do know
what we’re doing now doesn’t seem to be working, so I’m somewhat sympathetic
to the illumination argument. I’m open to being persuaded by data, and the
implementation also matters. How they run the project will shape how I
perceive it being either net-positive or net-negative.
More

Women in the Draft — The Senate Armed Services Committee
passed a provision to require women to register for the draft. Here’s what I
suggest you do before forming an opinion on this topic. Go watch the opening
scene for Saving Private Ryan and ask yourself if you’d be ok with
that being a boat full of 18-20 year-old women. I am 1000% for 100%
equality, but no—I am not ok with that being a boat full of women.
More

NOTES

 

I’m back on my Neumann u87ai mic and my RODECASTER PRO podcasting rig, with
Hindenburg as the DAW. I think the dedicated podcasting hardware (and
software) might be better than the Universal Audio + LUNA setup I was using,
just because it’s designed to do only that (see Dedicated). I’m also using
no plugins other than DeReverb for room echo. If you’re interested or
skilled at audio, let me know what you think of this week’s sound. What I’m
shooting for is a very natural feel, with just enough bass to be substantive
but not so much as to sound boomy or be hard to hear with background
noise.

I’m getting ready to do my last subscription pricing
adjustment for quite a while. I’m moving to what a lot of the people I pay
for are doing, which is $100 a year, or $20 a month. I like the evenness of
it, and how much it incentivizes the annual plan. For those who are already
annual, the price increase per month will be $3.33.
So, going from $5 a month to $8.33 a month. I’m hoping that
what we’re doing here is worth many times that, and I am not going to change
this again before at least mid-decade.

I’m currently reading
This is How You Lose the Time War, which won the Hugo and Nebula
awards. I have heard it come up in like 5 conversations with friends
recently, so I added it as an interrupt. This is on top of re-reading DUNE
for book club this week. David selected the book because the new movie comes
out in September. Can’t wait. Both for the book club and for the movie.
More

I’m also all-in on the new Ghostbusters movie.
More

I had to cancel my plans for BH/DC in Vegas due to COVID. And
it looks like this fall could be as bad for hospitals as last fall, or
worse. Which for me also means no EDC in October most likely. Oh well, at
least I’ll be in a bigger place for this next lockdown. I’ll take whatever
positive is on offer.

DISCOVERY  

 

PimEyes — A creepily-good reverse image search. I uploaded a random image of
myself I just took with my phone, and it found pretty much every image of me
online that exists. Even ones that look nothing like the picture I uploaded.
Use with caution.
More

Datasette — Take data of any shape or size and publish that as
an interactive, explorable website and accompanying API.
More

Crossfeed — A CISA-released tool for continuously monitoring an
organization’s public-facing attack surface.
More More

speed.cloudflare.com — I have been using the Speedtest thick
client, combined with a CDN file download, to test my bandwidth for years
now. I think Cloudflare’s offering might have finally replaced it.
More

Disinformation For Hire, A Shadow Industry, Is Quietly Booming
More

Autonomic Security — Google’s answer to SOCs being overwhelmed
by expanding attack surface.
More

“I went to the office for the first time. I fucking hated it.”
More

Using SSM to run Ansible on AWS hosts without requiring an
external SSH listener.
More

Covid Stockholm Syndrome
More

RECOMMENDATIONS

If you’ve not read Jonathan Haidt, I strongly suggest you get
into him. Start with
The Righteous Mind, then
The Happiness Hypothesis, and then if you’re into youth/culture,
The Coddling of the American Mind. I think he’s one of the clearest thinkers on the maladies affecting the
US right now.

APHORISMS

 

“The rider evolved to serve the elephant.”

~ Jonathan Haidt

May 23, 2025
