
Unsupervised Learning NO. 394

Unsupervised Learning is a Security, AI, and Meaning-focused podcast
that looks at how best to thrive as humans in a post-AI world. It combines
original ideas, analysis, and mental models to bring not just the news, but
why it matters and how to respond.

 

Hey there!

Back from Vegas finally. 14 days is too much Vegas.

2 talks and 3 panels this year, and that’s on a (light) year that I
planned on saying no to most things. But I got away easy with only 5
things; my buddy Jason had 9!

And now the covid waiting game begins. The texts and posts reporting
people being positive are starting to accumulate, including from events I
attended, so I’m hoping I make it to like Friday without getting it
myself.

Also, super interesting—make sure you test correctly. A guy took 5 different tests and got vastly different results based on how he tested.

In the meantime, I hope you have a great week!

In this episode:

🎰 Back from Vegas: Event Recap
🔬 Covid Testing: Importance of Correct Method
🔥 Burnout and Addiction: Shared Root Cause
🪳 Vulnerabilities
🎩 Black Hat Highlights: Tool Releases
👥 Lapsus$ Tactics: Simple Techniques, Big Breaches
🤖 AI Cyber Challenge: DARPA’s Call to Arms
🔒 Cybersecurity Standings: US vs China
🌐 Render’s Cloudflare Issue: Network Errors
🔍 PromQL Guardrails: Code Scanning with Semgrep
🔭 Tool & Article Discovery
➡️ The Recommendation of the Week
🗣️ The Aphorism of the Week

MY WORK

Burnout and Addiction 
Burnout and addiction may share a common root cause – a lack of
fulfillment or a “meaning loop” in one’s life. According to Johann Hari,
addiction is a lack of a strong meaning loop that keeps you fulfilled, and
burnout can occur when you’re doing something that’s not your true purpose.
DANIELMIESSLER

🎙️
Subscribe to the Podcast
If you’re not getting the podcast yet, you should remedy that. It’s
very close to the newsletter, but I often expand a bit on topics in the
podcast version. Also, I’m about to pull a Lex Fridman and move the sponsors
to the front so that there aren’t interruptions during the content.
ADD UL TO YOUR CLIENT

📡 Connect via RSS
RSS is not dead. Not in our world anyway. You can follow all UL
content via the following RSS feed.
ADD TO YOUR RSS READER

SECURITY NEWS

There were multiple vulnerabilities and incidents revealed during
Blackhat/DEFCON week, although the news was a bit quieter than usual due to
media coverage of other topics. Here are the highlights.

  • 🪳CISA Microsoft Alert
    — CISA has flagged a zero-day flaw affecting Microsoft’s .NET and Visual
    Studio products, and it’s already being exploited. The vulnerability,
    known as CVE-2023-38180, has a CVSS score of 7.5 and impacts various
    versions of Visual Studio and .NET.
    SECURITYWEEK

  • 🪳Sogou Keyboard Vulnerabilities
    — Sogou Keyboard’s encryption has some serious holes that could expose
    your keypresses to network snoops. | Critical |
    CITIZENSLAB 

  • 🪳Researchers Can Listen to Keystrokes over Zoom
    — This one is a bit early, but researchers are claiming they can learn
    what Zoom participants are typing with 93% accuracy. Insane!
    ARSTECHNICA

Black Hat Highlights 
The 2023 Black Hat conference was pretty stacked.
Notable releases included MELEE, a tool for detecting ransomware in MySQL
instances, and CheckGPT, a tool designed to detect AI-generated email
attacks. Check out a full writeup here.
SECURITYWEEK

Lapsus$ Tactics 
The Lapsus$ hacking group, known for breaching high-profile
companies, used simple techniques like SIM swapping to gain access to
internal networks. The group, mainly composed of teenagers, targeted
companies like Microsoft, Cisco, and Nvidia, and even attempted to
compromise accounts connected to FBI and Department of Defense personnel.
BLEEPINGCOMPUTER

AI Cyber Challenge 
DARPA is rallying computer scientists, AI experts, and software
developers to join the AI Cyber Challenge (AIxCC), a 2-year competition
aimed at finding and fixing vulnerabilities in crucial software. Leading AI
companies like Anthropic, Google, OpenAI, and Microsoft are partnering with
DARPA to provide their technology and expertise to challenge participants.
OODALOOP

   

Sponsor

 Struggling to implement Zero Trust with Okta alone?

You’re not alone.

Device hygiene and telemetry signals are shallow, and users get stuck,
blocked, and sent to IT if there’s an issue.

Forced to manage company access through exemption lists, IT is buried
under a mountain of support tickets, creating the IT bottleneck.

Kolide Device Trust integrates with Okta for real-time device posture
beyond checkbox compliance. Instead of leaving the user blocked, it
provides contextual instructions so that they can resolve the issue
themselves.

It’s Device Trust done right.

Watch our on-demand demo to learn more.

👉lp.kolide.co/demo👈



   

Cybersecurity Standings 
The head of the National Security Agency, Gen. Paul Nakasone,
confidently stated that the U.S. is not trailing behind China in terms of
offensive cybersecurity and surveillance capabilities. He attributes this to
the ongoing “hunt forward” operations that actively search for clandestine
activity on U.S. and allied networks.
NEXTGOV

PromQL Guardrails 
Semgrep, a tool for finding bugs and enforcing code standards,
now supports PromQL. This new feature allows for code scanning at ludicrous
speed.
HACKERNEWS

AI Tech Standoff 
The US and China are in a race to develop the most powerful AI
systems, causing a tense relationship as each country safeguards its
resources. The Biden Administration’s move to limit Chinese tech investments
in semiconductors, quantum computing, and AI has sparked concerns from
regulators in other countries, including the UK and EU.
OODALOOP

TECHNOLOGY NEWS

AI Chip Rush 
China’s internet giants are on a $5bn shopping spree for Nvidia
chips, all in the name of powering up their AI systems. The rush is driven
by fears of new US export controls and a global GPU shortage, with companies
like Baidu, ByteDance, Tencent, and Alibaba ordering about 100,000 A800
processors to be delivered this year and in 2024.
OODALOOP

AI Voices for Deceased Kids 
Some content creators are using AI to recreate the voices of
deceased or missing children, narrating their own tragic stories. While some
defend this as a new way to raise awareness, experts warn it risks spreading
misinformation and offending victims’ loved ones.
OODALOOP

Vim’s Future Plans 
The Vim project is making some changes to continue its
development, with new members joining the organization and a focus on bug
fixes, security updates, and documentation improvements. There are plans for
a Vim 9.1 maintenance release and a potential move to a more modern
approach, similar to Neovim, but the team is still figuring out the best way
to handle this transition.
GOOGLE GROUPS

AI Remaking Cloud 
Artificial intelligence is shaking up cloud computing, with
companies like OpenAI and Databricks leading the charge by providing tools
to build AI features. Forbes’ latest Cloud 100 list shows AI’s growing
influence, with seven newcomers, including Anthropic, a ChatGPT rival,
benefiting from the AI boom.
OODALOOP

AI-Powered Antibody Discovery 
LabGenius, a company based in South London, is using AI to
speed up the process of engineering new medical antibodies. Their machine
learning algorithm designs antibodies to target specific diseases, then
automated robotic systems build and test them, all within six weeks.
WIRED

X’s Ad-Revenue Changes 
Elon Musk’s social network X, previously known as Twitter, is
making it easier for creators to earn from their content. The platform has
reduced the eligibility threshold for ad revenue sharing from 15 million to
5 million impressions within the last three months, and creators can now
cash out with as little as $10.
TECHCRUNCH

Wireless OLED TV 
LG has launched the world’s first “wireless” OLED TV, capable
of transmitting 4K 120Hz video wirelessly via a “Zero Connect Box”. The TV,
currently available in South Korea, will be released globally later this
year.
ACQUIREMAG

Google’s eSignature Support 
Google is adding eSignature support to Docs and Drive, making
it easier for users to request and sign documents without switching between
different apps. The feature, currently in beta, has been in alpha testing
for over a year and is expected to be available to Workspace individual
subscribers in the coming weeks.
THEVERGE

Video Chat Revolution 
The hype around video chat apps seems to be over, with the
actual experience of video chat being in its most boring state ever. Despite
the rush of interest in video chat apps during the pandemic, the market is
now largely run by tech giants and the pace of new and interesting features
has slowed to practically nothing.
THEVERGE

HUMAN NEWS

Telework Reduction Push 
The White House is urging federal agencies to cut down on
telework and remote work, favoring more in-person office time this fall.
This move, described as “critical” to workplace culture and mission
fulfillment, is a continuation of an initiative first announced in April.
GOVEXEC

Return-to-Office Regrets 
Cool story, but in one study 80% of bosses regret their initial
decisions about returning to the office, wishing they had a better
understanding of what their employees wanted. According to a study by Envoy,
many companies feel they could have been more measured in their approach,
rather than making bold decisions based on executives’ opinions rather than
employee data.
CNBC

Bankman-Fried Jailed 
FTX founder Sam Bankman-Fried is back in jail, this time for
witness intimidation and jury tampering. The charges stem from his sharing
of private notes from a key prosecution cooperator, his ex-girlfriend and
former CEO of Alameda Research, Caroline Ellison.
THEMESSENGER

Post-COVID Heart Issues 
Doctors are grappling with how to help patients who have
developed heart conditions after recovering from COVID-19. The virus has
been found to cause significant damage to the heart, even in mild cases.
CBSNEWS

UPS Driver Pay Boost 
UPS drivers are set to average a whopping $170,000 in pay and
benefits by the end of a five-year contract. How can they afford this? The
deal, which covers around 340,000 workers, is currently in the middle of a
ratification vote that ends on August 22.
CNBC

Middle School Struggles 
Life’s tough for middle school students who aren’t attractive
or athletic, according to a study by Florida Atlantic University. The study
found that these students become increasingly unpopular over the school
year, leading to increased loneliness and alcohol misuse.
FAU

NOTES

We had the most epic live UL meetup in Vegas! It was a bunch of tables put
together, which we ended up adding one to about halfway through.
Conversation was great. People got to know each other more. And it was just
wonderful to put faces and voices to names. Check UL Discord to see the
group photo!

I did 5 different events for BH/DC this year. It actually felt pretty light
compared to heavy years. Maybe because I stayed away from both cons for the
most part due to concern about getting sick. Will probably get sick anyway
though. 🤷

I learned recently, after decades of believing the opposite, that
brand-name drugs actually are better. Unfortunately I can’t remember
if it was Huberman or Attia, but it was a VERY reputable source. The TLDR is
that generic drugs are sometimes identical in quality to brand-name and
sometimes WAY worse, depending on where they’re sourced from. Whereas
brand-name versions are always sourced from the top-tier providers. Wow.

If you like the format of the vulnerabilities update you can thank Michael
from the community for that. He mentioned missing always having a
vulnerabilities section, and I’d been thinking about a more narrative style
intro to that section for a while. So this week is the first version of it.
It should be quite good within a few weeks.

IDEAS & ANALYSIS

What to Build as a Founder 
People often ask: “How do you know what to build as a founder?”
I can explain: “Build the stuff that you wish existed.” This is related to
Martin Scorsese’s quote, “The most personal is the most creative.” Create
businesses around the services that you yourself need.
X
(I can’t believe I’m really typing that instead of TWITTER)

RTO = RIF
RTO is a sneaky way of doing a RIF. They just give exceptions to the
super-talented and start from scratch with the few people who move.
X

DISCOVERY

⚒️ Llama 2 Powered By ONNX
— Microsoft has released an optimized version of the Llama 2 model, a
collection of pretrained and fine-tuned generative text models, that runs on
ONNX. It’s designed for developers to use, modify, and redistribute under
the Llama Community License Agreement. | by Microsoft
GITHUB

InfoSec Resume Tips
— Reddit user fabledparable shared some extended resume writing
guidance for InfoSec professionals. The advice, posted on r/netsec, includes
tips on how to make your resume stand out in the cybersecurity field.
REDDIT

Jobs’ Interview Technique
— Steve Jobs had a unique approach to job interviews, preferring to take
potential hires out for a walk and a beer, rather than sticking to formal
office interviews. This unconventional method was aimed at breaking the
trend of scripted responses and getting to know the person better, while
still looking for the ‘A-Players’.
JOE

Therapy Culture’s Impact
— David Brooks argues that therapy culture seems to be making us less mature
and resilient. He argues that the focus on trauma and mental health has led
to an epidemic of immaturity, referencing works like “The Culture of
Narcissism” and “The Coddling of the American Mind”. Similar to a recent
post of mine.
NYTIMES

Generative Agents
— The research team behind “Generative Agents: Interactive Simulacra of
Human Behavior” has released their core simulation module for generative
agents on GitHub. The module simulates believable human behaviors in a game
environment and comes with detailed instructions for setting up the
simulation environment and replaying the simulation as a demo animation.
GITHUB

Q&A System Evaluation
— LangChain has added a new tutorial to their LangSmith Cookbook, focusing
on how to measure the correctness of a question-answering system.
TWITTER

Vim Boss
— This post pays tribute to Bram, the creator of Vim, highlighting his
principles, modesty, and the deep value he provided to the universe. The
author, Justin M. Keyes, emphasizes that Neovim, a derivative of Vim,
continues Bram’s legacy in terms of maintenance, documentation,
extensibility, and embedding.
NEOVIM

Self-Education Through Reading
— The author shares his unique approach to self-education through a lifetime
of reading, emphasizing the importance of discipline, consistency, and
mental focus. He details his strategies, such as reading challenging books
for mind-expansion, reading slowly to deeply understand the content, and
keeping track of his reading progress.
HONEST-BROKER

iOS 17 Features
— The author of this 9to5Mac article shares his favorite iOS 17 features,
including the improved autocorrect, multiple timers, and the ability to
transcribe voice messages in iMessage. He also mentions some features that
are yet to work perfectly, such as the Personal Voice and Live Voicemail.
9TO5MAC

Yes, AI is Creative
If humans can’t tell the difference between human and AI creativity,
then AI has creativity. The only way to get out of that pickle is to define
creativity as something only humans can do, which is cheating. HT: Joseph.
ONEUSEFULTHING

RECOMMENDATION OF THE WEEK

When you do covid tests, make sure you’re testing like this. I’d do it even
if it was some random guy saying so (because it makes logical sense), but the
source is a doctor with tons of legit bona fides.

TL;DR: Swab the back of the throat, roof of mouth, cheeks, AND deep in the
nose. Results are often massively different, as he shows.

APHORISM OF THE WEEK

We don’t see things as they are, we see them as we are.

  Anaïs Nin

We’ll see you next time,

May 23, 2025
