👉 Continue reading online to avoid the email cutoff issue 👈

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news—but why it matters, and how to respond.

TOC

INTRO

MY WORK

SECURITY

TECHNOLOGY

HUMANS

IDEAS & ANALYSIS

NOTES

DISCOVERY

RECOMMENDATION OF THE WEEK

APHORISM OF THE WEEK

INTRO

Hi!

Super hyped for this week. I’m making great progress on adding stuff to my AUGMENTED AI class, which I’m giving live on Saturday. We’re closing signups on Wednesday, so get in while you can! RESERVE A SLOT

I’ve also got a ton of work done on my big open-source AI project I’ve been telling you about for a while! And I’ll be releasing that probably next week! I cannot wait to share this thing!

Alright, let’s get into it.

MY WORK

AI’s Predictable Path: 7 Things to Expect from AI in 2024+
My latest essay on where AI is heading, based not on trying to guess future tech, but based on looking at what all humans want. READ IT

My Response to Cory Doctorow Saying AI is a Bubble
Cory Doctorow thinks AI is a bubble and that it’s going to blow up soon. I think he’s right about a lot of valuations and gimmicky companies, but very wrong overall. READ IT

SECURITY

LastPass is mandating at least a 12-character master password after last year's security situation(s). Updates also include checks against breached credentials and other protections against credential-stuffing attacks. MORE 

Mandiant’s X account got taken over, which is a bit embarrassing for a security company as well-respected as them. It’s not clear yet what the failure was, i.e., whether it was a password/2FA issue or a vulnerability like the XSS/CSRF one reported by Chaofan Shou. Mandiant is now part of Google. MORE

👋 Reminder to please check out our sponsors each week. They help us keep the newsletter and podcast as a viable business model, and are often sharing some pretty cool stuff. 🫶🏻

Sponsor

 🚨Unveiled: The 2023 Kubernetes Security Report🚨

Dive into the unseen depths of Kubernetes security with our latest findings! Our comprehensive scans of 200,000+ cloud accounts reveal a startling landscape of exposed containers ripe for the taking.

🔍 Inside, you'll unlock:

Expert analysis of Kubernetes attack vectors

In-depth breakdown of Kubernetes attack chains

Current statistics on security controls and mitigations

The best defenses against cloud attacks

It’s a current playbook on the best ways to address cloud threats.

🔗 Secure Your Insights:

 wiz.io/lp/the-2023-kubernetes-security-report

🔑Access Your Blueprint to Cloud Security Now!

⚠️ Stealthy AsyncRAT Attacks — US infrastructure has been targeted by AsyncRAT malware for 11 months. | SEVERITY: HIGH | RESPONSE: AT&T Alien Labs provides detection tools. MORE

Drones are becoming a go-to method for smugglers to transport drugs across borders. According to a Vice report, these unmanned aerial vehicles are increasingly being used to bypass checkpoints. MORE

🏥 HealthEC Data Breach — Over 4.5 million individuals had their personal data exposed in a breach at HealthEC. The compromised data includes sensitive information, which is always concerning. MORE

👉 Continue reading online to avoid the email cutoff issue 👈

TECHNOLOGY

🤖 Some folks at Deepmind created a completely insane new robot. It does a lot of the stuff that we’ve seen promised for years, like cooking, cleanup, etc., and it’s all running off of consumer parts and compute. The demo video is a must. MORE

💡As big as AI is going to be, it’s nothing compared to that same AI inside of a household robot. TESLA is betting big on this, and so am I. Virtually everything about AI is made better by being in a physical form, but this is especially true for companionship, elderly assistance, and use cases like that. Being a security guy, however, I really do worry about the threat model here. Remote access and RCE to these things will be nightmare fuel.

📄 Principled Instructions Are All You Need Paper — A new paper is out describing how to get a stable 50% improvement in ChatGPT output. They provide 26 different techniques to get there. MORE

From the linked paper.

OpenAI's GPT store, a marketplace for custom AI agents, is set to launch this week after some delays. The platform will enable ChatGPT Plus and enterprise subscribers to create and sell personalized chatbots, and the more people download and use your GPTs, the more you get paid. MORE

Google is pushing to remove third-party cookies from Chrome in 2024, which critics are saying is way too fast. Critics argue that the industry will need far more time to get ready, and that solutions like Google’s Topics aren’t ready yet. Topics works by collecting things a given user is interested in and sharing that list, rather than sharing browsing history. MORE

💡 This Google Cookies thing is starting to feel a lot like a lot of their product rollouts, i.e., rushed and half-baked. The difference in this case is that it could cost them a LOT of money if they mess this one up. And potentially set the whole anti-3p-cookies effort back years.

Flush is an app that lets you book a cafe's bathroom for $5, aiming to solve the public bathroom problem. The app, created by Elle Szabo, offers a double-sided marketplace where businesses can list their restrooms for rent and users can reserve them, with Flush taking a 5% cut. MORE

Starlink just launched satellites that'll let you use your LTE phone from almost anywhere. It’s a partnership with T-Mobile to cover dead zones, and the service is expected to roll out by the end of 2023, starting with messaging and expanding to voice and data. MORE

Apple's Vision Pro headset might hit stores as early as January 2024, which means I should get ready to get in line. MORE

Microsoft believes so strongly in AI that they’re going to put a dedicated key on Windows keyboards. They’re calling it a Copilot button, but I think that’ll end up getting more generalized to the assistant button. Clippy in just one click. MORE

HUMANS

China's Ministry of State Security is cracking down on military fans sharing photos of army equipment online, threatening up to seven years in prison. MORE

Suicide rates among Gen Z, particularly girls, are climbing across English-speaking countries. The data shows a worrying trend, with suicide becoming a leading cause of death for young people in these regions. MORE | MY PIECE ABOUT PURPOSELESSNESS

From After Babel

The US economy outperformed on jobs by adding 216,000 positions in December. MORE

Gallup's latest poll reveals just 28% of Americans are satisfied with democracy, a new low. The drop from 35% follows a trend across all political affiliations, with Democrats at 38%, Republicans at 17%, and Independents at 27% satisfaction. The Republican trend line is super interesting, with them starting the highest and ending the lowest. MORE | MORE

Starbucks is now letting you use your own cup for drive-thru and mobile orders to cut waste. Starting January 3, 2024, the initiative is part of their goal to slash waste by half by 2030, making them the first national coffee chain to offer this option. MORE

Most Americans still reject the Jan. 6 Capitol riot, but a CBS News poll shows Republican disapproval is slipping. Three years on, 78% of Americans condemn the insurrection, yet Republican approval has grown from 21% to 30%. 30%. MORE

💡So just to be clear, Republicans currently have 17% support for Democracy, down from 80%, and 30% support for the January 6th riot, up from 21%. I get their point about the system and the Left, being broken. But authoritarianism ain’t it, my guy. Goodness.

California's courts have ruled that police drone footage isn't automatically off-limits to public records requests. The decision marks a win for transparency, as it clarifies that footage from police drones can be requested under the California Public Records Act (CPRA), rejecting the argument that all such videos are exempt due to investigative purposes. MORE

👉 Continue reading online to avoid the email cutoff issue 👈

IDEAS & ANALYSIS

Coming for Neri Oxman
There’s a witchhunt for Neri Oxman for some stupid reason. Business Insider wrote an “article” claiming she plagiarized part of her dissertation. But if you look at the actual claims, it’s like forgetting some quotes for someone she had already heavily quoted and cited numerous other times in the paper. It’s complete garbage. What I don’t get is the reasoning.

Like who thinks this is helpful to anyone? One possible reason is that her husband, Bill Ackman, had gone after the Harvard president for doing actual plagiarism, so someone decided to counterattack with the full force of the media. Super gross. Can’t wait for this kind of trash to be made transparent by armies of AI research bots.

And I know—I’m like seeing AI as the solution to everything—but there are lots of things AI won’t help, or will make worse. But in this case, we really do need to see connections between things that are virtually opaque due to complexity. Like I’d love to instantly know the backgrounds and political leanings of everyone who writes hit pieces on a given person—of any affiliation—combined with a sequence of events in time, combined with the claims made, etc.

AI will be exceptionally good at finding possible motives and plots in such things. And it’s not the type of thing that humans can do well. It’s too many threads, too many things to research, and then assemble, and then put together into a narrative. AI will do all that for us in minutes, and it’ll do it continuously.

Sure, it’ll also help people find connections and conspiracy in places where there is none. But that’s ok, because most other AInalisys will find that the connections are tenuous, and the conclusion is a stretch.

Anyway, these charges are crap, and I’m very tired of political takedowns of people just because they can. MORE | MY PIECE ON AI BRINGING TRANSPARENCY | GARBAGE “REPORTING”

NOTES

I’m playing a lot more with local AI models lately. Lots of Ollama but also oogabooga’s web UI for Hugging Face models. I’m going to be integrating these into my AI framework/ecosystem soon. GPT-4 is still king, but lots of use cases don’t need the king.

DISCOVERY

🎓 VIM for Pentesting — Tom Hudson, known as tomnomnom, teams up with STÖK to teach security people how to level up their command line game. This one is from like 2019 but it’s still one of the best videos of its kind. | by stokfredrik | MORE

🛠️ CrewAI — A new agent framework for creating different agents in different roles, and having them interact to produce an output. It’s like Autogen, but I think I like the structure better. MORE

Defining a Writer in CrewAI

🛡️WhiteRabbitNeo-13B — A fine-tuned version of Llama2 that allows you to ask both offensive and defensive security questions. MORE

🖥️ asitop — A super badass Python-based CLI tool for monitoring performance on Apple Silicon Macs, inspired by nvtop. | by tlkh | MORE

aistop output

🧐 Preparing for Security Engineer Interview — TryHackMe offers a comprehensive guide for security engineer interviews, blending general advice with technical sample questions. MORE

⏱️time cat — A super low-rent stopwatch for the command line. You run time cat and you CTRL-c when you’re done, and it tells you how long that was. lol | HT to Charlie Campbell for the tip.

🛠️ github-blog — Transform GitHub issues into a blog content management system with just an API. | by Renato Ribiero | MORE

🔗 Webmention.app — Automate sending web mentions for links on your site with this simple API. | by colindean | MORE

📱 Offline Chat Private AI — This app lets you run the powerful Mistral 7B 0.2 LLM on iPhone Pros, all without an internet connection. | MORE

Ivan Tolkunov built an AI to spot AI-generated images using a resnet-based model with FastAI on an M2 MacBook Air, hitting over 99% accuracy in testing. MORE

🟩 Greenphone — Create greenscreen prompts in Midjourney for custom art placement within an image. MORE

✍️ Typefully — A tool that makes tweeting easier with smart tips and automated features. Still messing with it, but I’ve heard amazing things about this one. MORE

📓 Weekly Wins Planner — A fresh template to help you organize your weekly achievements and ensure they align with your quarterly goals. It's a practical tool for staying on track. MORE

📄 Challenge Bowl Icebreakers — Looking to spice up team meetings? This free Challenge Bowl icebreaker template offers a creative way to engage team members with questions and activities that build camaraderie. MORE

The Antilibrary — A bookshelf of stuff you haven’t read yet. MORE

Potheads, Planners, and Players — Different ways to approach projects. MORE

RECOMMENDATION OF THE WEEK

Remember that goals don’t win us anything, which is why New Year’s resolutions seldom work. It’s all about the systems.

The algorithm for winning is:

Start with your goals

Build systems that will get you to those goals

Execute on the system

Another word for system is: routine. So it’s not about what you want to do, or set out to do. It’s about what you actually do, day-to-day, throughout the year.

So build the ultimate system/routine for 2024. That should be the top priority. Build the routine that—if you follow it—will result in you accomplishing your goals for the year.

No better time to do this than early January!

APHORISM OF THE WEEK

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 

Share UL with someone like us…

Yours,

Powered by beehiiv