Exploring the intersection of security, technology, and society—and what might be coming next…
Standard Web Edition | March 13, 2023
Happy Monday, let’s attack the week.
MY WORK
🔥 SPQA: The AI-based Architecture That’ll Replace Most Existing Software
This is a shorter version of last week’s essay about the new GPT-based software paradigm. This one is more to the point and has more examples. READ THE ESSAY
🎙️UL Sponsored Interview with KOLIDE
In this interview I talk to KOLIDE’s founder and CEO, Jason Meller, about why he started the company, the problems he’s looking to address, and his unique approach to solving them. LISTEN
SECURITY NEWS
SVB Crash Analysis
Here are the major points on the SVB situation:
- Silicon Valley Bank was used by a massive percentage of silicon valley startups
- They had unsafe investments in mortgages that went sour due to the housing crash
- When people started realizing it was going bad they rushed to withdraw their funds
- They didn’t have enough money to cover people’s withdrawals, so the bank went under
- Yesterday (Sunday) the government stepped in and said they would cover all withdrawals, not just those that were FDIC protected
- If this had not happened there was broad consensus that it could have triggered a widespread run on many banks and caused an unprecedented banking crisis
- Questions remain on how this wasn’t addressed sooner, and what can be done to stop it from happening in the future
NYT ANALYSIS
Analysis of the New US Cybersecurity Strategy
Krebs did a full analysis of the US’s new cyber strategy, and here are some of the highlights:
- Getting companies to take responsibility for the vulnerabilities in their software
- A framework that companies can adopt to show they’re doing so
- An explicit callout of China as the most active and dangerous cyber threat
- IoT security product labels
- Expansion of the National Cyber Investigative Joint Task Force
- Expanding Trump’s EO 13984 which requires cloud services to identify foreign groups using their services
Lawfare’s analysis broke it down like this:
- Defend infrastructure
- Disrupt and dismantle threat actors
- Shape market forces to drive security and resilience
- Invest in a resilient future
- Forge international partnerships
KREBS ANALYSIS | LAWFARE ANALYSIS | FULL STRATEGY PDF
Cerebral Mental Health Startup Shared Data With Meta, TikTok, and Google
The mental health startup shared names, dates of birth, insurance information, and worst of all—the contents of mental health self-evaluations—with social media companies. This affected over 3.1 million patients of the company. MORE
Sponsor
Are Your Security Solutions Privacy Compliant?
Whether you answered yes or no, global privacy laws can be murky and, oftentimes, confusing. hCaptcha’s privacy white paper cuts through the noise and will help you learn the ins and outs of global privacy laws and how they can impact your organization.
The white paper explains:
- How to meet the requirements established by international privacy laws
- How to navigate your liability as an online property owner
- How to evaluate your security stack for privacy compliance
- And much more
Ensure that your company remains compliant. Download our privacy white paper today!
hcaptcha.com/ul
Persistent SonicWall Malware
Mandiant says Chinese attackers are hitting unpatched SonicWall SMA 100-series gateways and infecting them with credential-stealing malware that persists through reboots and firmware upgrades. MORE
12GB Acronis Leak
An attacker known as kernelware dropped a 12GB bundle of data from Acronis, a data protection company. The archive included certificate files, command logs, system configurations, system information logs, archives of their filesystem, Python scripts for an Acronis database, and backup configurations. They said they were bored and the company’s security was ‘dogshit’ so they wanted to humiliate them. MORE
AI Voice Scams
$11 million was stolen via AI voice scams in 2022. I expect that number is highly underestimated, and that it will balloon massively in 2023. The latest thing is voice spoofing loved ones using AI and adding that to the scam. MORE
Why do Chinese Billionaires Keep Vanishing?
Bao Fan is the latest Chinese billionaire to disappear from the public sphere, and the questions are becoming louder. My analysis is that this is great for the west, and for the United States. The best possible outcome right now for China’s enemies is for China to continue with this policy, which will quietly push anyone talented and smart out of the country. MORE
🪳Critical Flaws in FortiOS and FortiProxy
Fortinet has patched 15 different flaws, including a 9.3-rated vulnerability in the FortiOS and FortiProxy admin interfaces that allows for RCE and DoS. MORE
Sponsor
You’ve Got Assets? We’ve Got Answers
JupiterOne collects more asset data than any other provider, and shows you the relationships between those assets in seconds. It’s not just about connectors and data; it’s about the types of questions you can ask to get the relevant answers for your security program.
We go beyond endpoints, IP addresses, users, and devices, and ingest data from CSPs, SaaS apps, code repos, IAM policies, security controls, vulnerability findings, and more. This enables you to ask questions like: “What internet-facing applications are running systems affected by log4j, and who owns those systems?”
jupiterone.com/unsupervisedlearning
TECHNOLOGY NEWS
🤖⚠️ LLaMA on an M1 Max 64GB
Lawrence Chen got the leaked LLaMA LLM running on an M1-based Mac. I think it’s about to become trivially easy to have your very own AI running at home, and that’s both glorious and scary. What happens when people start asking it how to attack people, or create bio weapons, or … a million other things? It doesn’t matter if OpenAI is safe when you have widely-available AIs you can run on consumer computers. MORE | SIMILAR PROJECT by MATT RICKARD
Additive Prompting
Nick St. Pierre gets something called Additive Prompting working to create some stunning interior design and architecture photography. He shows his prompts and they work in not just MJ but all the various image-generation technologies. FULL THREAD
Discord Rolls Out AI Integration
AI is becoming the must-have feature for companies, but I’m especially happy to see it come to Discord so quickly. Its integration creates someone named @Clyde, which is an AI bot you can chat with and have do stuff for you on your server. MORE
HUMAN NEWS
Andrew Huberman’s Advice for Adjusting to DST
“To get up easily at (the new) time tomorrow & thereafter, today (Sunday) stack these especially potent circadian clock phase shifters: 1) View sunlight before the sun is overhead (even if through cloud cover), and 2) Exercise (ideally outside) before 2PM” TWEET
American IQ Decline
Americans’ IQs just declined for the first time in almost 100 years. One theory is that education has worsened, but researchers aren’t sure of the cause. MORE | PAPER PDF
Around 40% of Software Engineers Only Work Remotely
Hired did a study and found that almost half of software engineers will pass on a job unless it allows them to work remotely. MORE
Why Did Liberal Girls’ Mental Health Sink the Fastest?
Analysis of mental health data across gender and political affiliation. MORE
IDEAS & ANALYSIS
What About Data Science?
What’s going to happen to Data Science when GPTs (and whatever comes next) take over? The major advantage of having data scientists was the fact that they could wrangle unwieldy data into a usable form. And they could help us ask questions. Don’t GPTs largely do this for us? Especially those like ChatGPT that are designed to interact like humans. I think there’s about to be a giant whooshing sound coming from the data science field. To be clear, the people themselves are highly skilled and many will be able to pivot into building GPT-based apps (perhaps in the SPQA space), or they’ll become AI-Whisperers. But the field itself seems a bit doomed. SHARE & DISCUSS
NOTES
Congrats to Charles Blas in the community for winning the UL Referral AirPods Pro 2 giveaway from February! I’m giving them to him in person this week!
We have a member of the UL Community who’s looking for his next marketing job. He’s not just an experienced marketer, but he’s also super sharp on current technologies and overall highly curious about the world. If you’re a scrappy startup looking for an edge, reply here so I can put you in touch!
I think I need to start looking for a GPU rig. With the release of LLaMA I feel like similar models will continue to be built and/or leak, and it’ll soon be possible to have your own version of something ChatGPT-like running for your own use. I definitely want that. So what’s the best way to build a box that chains together like 4 massive GPUs? Or will it be better to just buy a massive Mac Pro with M2 or M3 chips where the GPUs can use all available memory? Thoughts? Create a thread in Discord and we’ll discuss.
DISCOVERY
⚒️ llama_index — LlamaIndex is a simple, flexible interface between your external data and LLMs. It provides the following tools in an easy-to-use fashion:
- Offers data connectors to your existing data sources and data formats (APIs, PDFs, docs, SQL, etc.)
- Provides indices over your unstructured and structured data for use with LLMs. These indices help to abstract away common boilerplate and pain points for in-context learning.
- Provides users an interface to query the index (feed in an input prompt) and obtain a knowledge-augmented output.
TOOL | by Jerry Liu
⚒️ CodeGPT.nvim — CodeGPT.nvim is a neovim plugin that allows you to call OpenAI to do code completion, refactoring, generating documentation, etc. TOOL | by Darby Payne
⚒️ writeout.ai — Give it an audio file and it’ll output a transcript. TOOL | by Beyond Code
📢 [Sponsor] — Are your websites being overrun by fraud rings, account takeovers, and other sophisticated automation? hCaptcha uses continuous learning and its powerful SecurityML platform to block even the most advanced bots and fraud. LEARN MORE
Apple gains popularity with GenZ and premium buyers — High-end customers and young people are increasingly going with the iPhone over top Android phones. My read is simple: Apple thinks about the experience, while their competitors think too much about the technology. That turns the iPhone into a luxury device and Android phones into gadgets. WSJ
How to YubiKey: A Guide to YubiKey Configuration MORE
📢 [Sponsor] — Can you answer complex questions about what assets you have, which are facing the internet, and who owns those systems so you can get them fixed if there’s a new vulnerability? If not, you should look at JupiterOne. It’s like a unified question-answering platform powered by your own assets. LEARN MORE
Who blew up the Nordstream pipelines? MORE
Physics Girl is in bad shape due to complications from Covid. She can’t even get out of bed currently, and this is an update from her friend. Heartbreaking. She’s one of science’s best assets. MORE
RECOMMENDATION OF THE WEEK
Kindness-based TV
I highly recommend you watch two shows from someone you might not expect: Ricky Gervais. The shows are:
- After Life (Netflix)
- Derek (Netflix)
They are the most wonderfully human TV I’ve ever seen, and I cannot recommend them enough.
APHORISM OF THE WEEK
“The future is always beginning now.”
Mark Strand