UL NO. 424: Raising Security's Floor

Insane Video Deepfakes, Devin Gets Slack Access, New Fabric Patterns, AI Application Interfaces, Let Grow, and more…

Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.


Hey there!

Added some really sick Patterns to Fabric this week!

  • ⚙️create_better_frame: Takes any type of input where someone is presenting, interpreting, or commenting on the world, and does two things: 1) it creates negative frames for seeing that content, and 2) offers more positive frames. Basically, it provides a positivity filter for any given input, should one choose to accept it. MORE

  • ⚙️create_academic_paper: Takes any bullet points, article, essay, or anything else you’ve written, and turns it into a LaTeX-formatted academic paper format! MORE

Also, for anyone with a git repo, summarize_git_changes is a great way to see and share updates on recent progress. MORE

cd yourgitrepo

git log --pretty=format:"%h - %an, %ar : %s" --stat | head -n 500 | fabric -sp summarize_git_changes

Fabric’s latest updates

Also, Threshold (UL’s first commercial product) is imminent! Like I’m already in there and using it, and we’re making final tweaks now. It’ll launch in Preview, meaning there will be lots of changes in the next few weeks, but it will be useful from Day 1.

Can’t wait to share it. Hopefully this week and then in next week’s newsletter.

Ok, let’s get to it…

MY WORK

SECURITY

🚨This is a collection of full-video deepfakes that are seriously concerning. They’re generated by a commercial model, not like a government. MORE

💡We seriously need to build like a global Snopes platform. Like before the elections.

Idea: You get a bunch of Left people, Center people, and Right people and you build a platform that does like Snopes used to do with internet claims. It basically shows the content, and gives an analysis of why you should believe it, why you shouldn’t, and then a verdict. Plus you can have the platform be like a collection point for pro-con arguments, in super concise form. And yeah, it’ll use AI to do a lot of that collection and summarization.

Something like:

SITUATION: There’s a video of Obama saying it’s time for a pre-emptive strike against Mayanta.

ANALYSIS: The video is currently being analyzed by multiple experts. Here is what has been said so far:

  • Fox News Analysis: The video appears to be fake, created by _____. SOURCE

  • ONN Analysis: No evidence that the video is fake. SOURCE

  • CISA Analysis: This is a deepfake, read our analysis here. SOURCE

  • Breitbart: Obama has said similar things in the past so there’s no reason to disbelieve it. SOURCE

CURRENT CONCLUSION: Given the current evidence, we are ALMOST CERTAIN that this video is a deepfake, using Kent’s Words of Estimative Probability.

We need this service. And as Dan Kaminsky used to say, “We have the technology.”

The Left/Right cooperation won’t be perfect, of course, but it’ll be 1,000% better than nothing.

These deepfakes are too good for us not to have any trusted place for people to verify things.

There’s a supposed data leak of data on 71 million AT&T customers, but AT&T says it’s not from their systems. MORE

Someone built an AITM (Active In the Middle) attack tool using just 174 lines of code on Cloudflare Workers. It can supposedly fully bypass MFA on Microsoft accounts. MORE

Leaked documents reveal a Chinese hacking group's systematic attacks against 20 foreign governments and companies, including detailed operations and targets. MORE


SpaceX is contracted to build a spy satellite network for a US intelligence agency. Makes sense. I can’t think of a cheaper and more reliable way to get a lot of satellites into space. MORE

Rohan Pandey modified llama2 to un-redact an email from Elon to Ilya. MORE

Burglars are starting to use Wi-Fi jammers to knock out security cameras, making it harder to track them down afterward. MORE


A Chinese company's leaked documents reveal a massive global hacking campaign. MORE

Fortinet has disclosed a critical SQL injection flaw in FortiClientEMS that could let attackers run code on systems. MORE

TECHNOLOGY

Steven Hao gave Devin access to his work stuff (questionable?), and it’s basically doing his job for him. Devin is even posting on Slack and asking questions, and using the responses to continue when he gets stuck. MORE

💡The amount of hate and hype towards Devin has been extraordinary. Definitely go check it out if you haven’t yet. It’s basically a code automation agent that does better than previous attempts.

Midjourney's new "Character Reference" feature finally lets you recreate the same AI character in different situations. Can’t wait to play more with this. MORE

Elon Musk open-sourced Grok, but not completely. They didn’t release any of the code required to train it. MORE

💡As I talked about before, I think we should only call a model “open source” if they release 1) the weights, 2) the data, and 3) the full training methodology—including code.

Covariant is launching RFM-1, aiming to bring ChatGPT-like capabilities to robots. This platform could revolutionize how robots understand and interact with the physical world, making them more adaptable and intelligent. MORE

💡AI is big. Robots are big. But the biggest is AI in robots.

Finland is rolling out a giant 'sand battery' to store heat in winter, showing 1 MW of power and a 100 MWh capacity. The technique uses excess electricity to warm sand and can meet a week's heat demand in winter with minimal energy loss. MORE

Nvidia's getting into humanoid robotics with its new AI platform, GR00T. The platform is designed to support a wide range of humanoid robots, including big names like Agility Robotics and Boston Dynamics, marking a significant push into the sector. Massively impressed with Nvidia right now. MORE

HUMANS

Hong Kong is implementing a new, Beijing-driven stringent security law that goes after treason and other types of dissent. The penalties are harsh, with up to life in prison. Hong Kong continues to get phased out, with China phased in. MORE

Midjourney is blocking AI-generated images of Trump and Biden going into the 2024 election. MORE

The U.S. unexpectedly added 275,000 jobs in February, surpassing economist predictions. But the unemployment rate went up slightly, to 3.9%. MORE

A really good thread here on Hacker News about experienced programmers not being able to find jobs. OP and commenters have a theory for why it’s happening. MORE

Some schools in England are adopting super strict policies, inspired by the Michaela Community School's success, to improve student behavior and academic outcomes. These schools enforce rigid routines and discipline, believing it helps disadvantaged students succeed, despite criticism of the approach being oppressive. MORE

💡I’ve been expecting to see a lot more of this, actually. Not just for disadvantaged students—which I can see it being great for—but for everyone. Reminds me of all the Man camps going on where you learn survival and hunting and stuff.

I see this as a counter to life being good, basically. Life for most people is fairly easy in terms of not being in danger, having enough to eat, etc., and people want to build character.

It’s hard to build character when everything is easy. So we should expect to see a lot more of making things artificially hard—on purpose—to help strengthen ourselves.

Like Stoic Resilience Training (SRT) or something. I’m for it, as long as it doesn’t get too out of hand.

Young men and women are drifting apart politically, with women going way more Left, and men staying largely the same. MORE | MORE 

John Barnett, a former Boeing whistleblower, was found dead amid a lawsuit against the company. He exposed safety issues, including a 25% failure rate in emergency oxygen systems. MORE

🚨Toronto Police suggest leaving car keys at the front door to dodge violent run-ins with car thieves. It's a bit like saying, "Take my car, not me." MORE

💡This is how you get Republicans elected, and eventually—if things aren’t fixed—far-right governments like we’re seeing all across Europe.

Liberals can’t let Conservatives be the only people who enforce laws and maintain security. Or they can, but there will be consequences.

“They voted for THAT guy? Wow, the voters are evil and stupid!” Maybe. But people also like feeling safe. As usual, the answer is a hybrid:

  1. Enforce laws strictly, largely as if criminals had a choice.

  2. Invest heavily in at-risk groups before they commit crimes, largely as if they don’t.

Recent Boeing incidents have sparked far-right conspiracy theories about diversity causing intentional failures. Some extremists claim these mishaps are part of a plot to undermine Western civilization and promote communism. MORE

💡Wut? If someone can explain that one to me I’d appreciate it.

Using tap water in a Neti Pot can be deadly due to potential brain-eating amoebas. It's safer to use distilled or sterilized water for sinus cleaning. MORE

💡I feel vindicated. I’ve been using only filtered (reverse osmosis) water for mine for years. The best treatment I’ve found (along with an allergy pill) by far.

This analysis claims to show that people used to consume more calories without gaining as much weight. MORE

Fentanyl poisoning has become the leading cause of death for Americans aged 18-45. MORE

Over 2,000 U.S. newspapers have closed since 2004. MORE

Car washes are popping up everywhere because they're surprisingly profitable. MORE

IDEAS & ANALYSIS

I’ve had an absolute epiphany about politics, and really everything in the last couple of months. Specifically from the concept of Framing. I feel like it’s a model with extraordinary explanatory power, and I’ve not found anything it can’t explain. It’s becoming my primary Unified Theory. I’m prone to excitement though, so I’m going to let it sit for a while before I write another big piece about it.

Really interesting back and forth with Dino Dai Zovi about the cybersecurity “floor and ceiling”.

And further thinking made me expand on it here.

And this is my piece from 2018 that I think captures the idea best.

Basically, I think security is subordinate to innovation and daily life in most situations, and that it falls to an absolute minimum as a result. And as a result, we should guard our mental health against thinking people are steering us wrong, or that we’re massively neglecting something that urgently must be fixed.

In short, if it were urgent we would know because it would get fixed immediately. And if it’s not fixed immediately, it’s not urgent.

This isn’t a statement about any objective rating of what matters, or what’s more secure or insecure (see Framing above).

The only thing that matters is what people care about and worry about. And that’s why we can spend billions barely moving the needle on a thing that’s not that important, while completely ignoring worse risks that don’t inspire people to care.

NOTES

We had a banger UL meetup this month where a member shared their super tricked-out keyboard. It’s the exact type I’d been looking up already and trying hard not to get into. But he made such a compelling case that I’m now going down the rabbit hole. Send help. Also don’t click this link. MORE

I’m emotionally moved, and technically astounded, by the fact that Voyager 1 is a light day away from us. A LIGHT DAY. 24 hours at the speed of light, just to send and receive a signal. Oh, and the thing keeps like dying and then coming back online. What a hero.

DISCOVERY

🛡️ haktrails is a Golang client that makes querying SecurityTrails API data super easy. Especially useful for bug bounty hunters. | by hakluke | MORE

⚙️ Openapi-tui lets you interact with APIs defined in openapi spec right from your terminal. | by zaghaghi | MORE

I Stopped Loving Captain Kirk MORE

Solarpunk is the new Cyberpunk MORE

Steve Pavlina's “Do It Now”. Takes me back. One of the early influences on my approach to productivity. From 2005! MORE

Minimal Viable System. MORE

🔥Ben Kuhn shares Why and How to Blog. MORE

Which Skills Are Least Likely to Be Replaced by AI? MORE

Amanda Askell talks about why Claude 3’s system prompt is so good. MORE

Spreadsheets as Simulation Tools MORE

The Getty has released nearly 88,000 art images for anyone to use for free. MORE

RECOMMENDATION OF THE WEEK

Share Let Grow with people! Absolutely love this project!

It’s about teaching independence and resilience to kids.

Watch this (it’s 4 minutes).

Please share this with anyone you know who cares about raising healthy, independent kids.

APHORISM OF THE WEEK

I am not what happened to me. I am what I choose to become.

Carl Jung

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 

Yours,