Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news—but why it matters, and how to respond.
Well, this weekend was quite a year.
-
I binged Seasons 1, 2, and 3 of Sam Altman this weekend. Microsoft is streaming Season 4 starting this morning, starting with most everyone quitting if the board doesn’t resign.
🔎 Here’s my analysis of the situation.
-
Functionally, Ilya left and started a new company with people who want to approach AGI very slowly and carefully—exciting nobody.
-
🔥I just got done doing some magic with Whisper (an IlyaAI project) and my own RPGSession AI. I’m now taking our live weekly RPG sessions and turning them into full summaries and even “Previously On Crown and Mayhem…” audio teasers! LISTEN TO IT
-
I’m reading probably the most interesting piece of fiction I’ve read in…maybe forever. It’s Kafka on the Shore, by Murakami. The way this book is building characters, story, and suspense is insane.
Can’t wait to see what Sam and team does next, whether he’s at Microsoft, back at OpenAI, or out on his own.
I hope you have a less exciting week than Sam’s weekend. Let’s get into it.
Insane amount of output this week!
🔥🚨Sam Altman Wants AGI as Fast as Possible, and He Has Powerful Opponents
My analysis and theory of how Sam Altman was removed from OpenAI by the forces for XRisk and EA. MORE
🛡️SEC vs. SolarWinds is CyberSecurity’s ENRON Moment
My essay analyzing the SEC case against SolarWinds, and how it’ll affect cybersecurity going forward. MORE
⚔️ My AI Summarization of a D&D Session + Previously On Trailer + My Deefaked Voice
This is was SUPER fun to make, and we’re going to do it for all our sessions going forward. Nothing beats tabletop RPG with friends! LISTEN TO IT
👋 I continue to work on making the news sections as concise yet rich as possible, which is the unique approach for the UL newsletter. As such, I’ll putting only the especially interesting, surprising, or notable stories in the main SECURITY section, because most Vulnerabilities and Incidents are so commonplace that they’re becoming noise. I will still have them down below in their own sections so you get the coverage!
🤯This is nuts. A ransomware group has added a new technique to their arsenal: threatening to report a company to the SEC if they don’t pay. Actually in this case they just straight up reported them. But now this is a move other groups can use. Compromise, start the clock, and tell the victim you won’t report them if they pay. MORE
TikTok is under massive scrutiny because Bin Laden’s “Letter to America” went viral on the platform despite its extremely anti-American and antisemitic language. Similar to the pro-Palestinian bias on TikTok, TikTok’s leadership is saying they’re not influencing anything. “Young people are just pro-Palestine”. That could very well be true, but I hate the fact that they (see the CCP) have the ability to influence what millions of America’s kids are seeing and thinking. MORE
The FBI is intensifying its scrutiny on Hamas-related activities in the US following the group’s unexpected strike on Israel. In a recent testimony, FBI Director Christopher A. Wray highlighted the increased threat level to the US after last month’s attack by Hamas on southern Israel. MORE
Get Ahead of Threats: Continuous Threat Exposure Management
Get actionable intelligence that cuts through the noise of data from public GitHub repositories, infected device markets, illicit Telegram channels, etc. Integrating into your program in 30 minutes, the platform empowers practitioners of all levels.
AlphaLock, a new Russian hacking group, is going Silicon Valley with live performances, a slick UI, offering hacker training, and monetizing through an affiliate program. They’ve built a two-part business model: first, they train hackers via online courses, and second, they plan to profit from these trained hackers through an affiliate program on the dark web. Sorry to say, but I’m impressed. MORE
Israel is reportedly using NSO’s Pegasus spyware to track Hamas-related kidnappings and murders. I’m torn on this. It legitimizes this kind of software, but if there ever were a legitimate use, I suppose this is it. MORE
Google just dropped new Titan security keys. They’re available with USB-C and USB-A connections, they’re FIDO2 compatible, can store over 250 passkeys, and also include NFC for easy mobile device pairing. MORE
-
🚨Patch Tuesday Alert — Microsoft’s latest update fixes 60+ vulnerabilities, including three exploited zero-days. | CRITICAL | CVE-2023-36025, CVE-2023-36033, CVE-2023-36036 MORE
-
🪳Fortinet Vulnerability Alert — Fortinet has issued updates for critical vulnerabilities in FortiClient and FortiGate. | HIGH | CVE-2023-38545, CVE-2023-38546 | CVSS Score: Not provided MORE
-
🪳WordPress Plugin Flaw — Over 600,000 WordPress sites are at risk due to a WP Fastest Cache plugin vulnerability. | HIGH | CVE-2023-6063 | CVSS Score: 8.6 MORE
-
🪳SAP Business One Flaw — SAP’s latest patch fixes a critical vulnerability in Business One. | CRITICAL | CVE-2023-31403 | CVSS Score: 9.6 MORE
-
🪳SSH Key Exposure — Researchers found a new way to snatch SSH keys due to computational errors. | CRITICAL | No CVSS Score provided MORE
-
⚠️ MeridianLink SEC Complaint — AlphV reported MeridianLink to the SEC for not disclosing a recent breach. | SEVERITY: MEDIUM | RESPONSE: MeridianLink claims minimal business interruption and no unauthorized access found. MORE
-
🪳FortiSIEM Critical Bug — Fortinet has found a critical bug in FortiSIEM that lets attackers run commands remotely. | CRITICAL | CVE-2023-36553 | CVSS Score: 9.8 MORE
-
🪳VS Code Extension Flaws — Third-party VS Code extensions have markdown vulnerabilities. | CRITICAL | MORE
-
🚨Juniper RCE Exploit Chain — CISA alerts of active exploitation of critical Juniper vulnerabilities. | CRITICAL | CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847 | MORE
-
🚨Zimbra Email Heist — Attackers exploited a Zimbra email server 0-day to steal data from various governments. | CRITICAL | CVE-2023-37580 MORE
-
⚠️Denmark’s Energy Sector Hit Hard — Denmark’s energy firms just faced their biggest coordinated cyberattack, with hackers exploiting Zyxel firewall flaws to hit 22 companies. | HIGH | CVE-2020-28771, CVE-2023-33009, CVE-2023-33010 | MORE | MORE
-
⚠️Mr. Cooper Cyberattack — They know some customer data was lost but they were able to get many systems back online. RESPONSE: They’re still determining the scope of the intrusion and damage. MORE
-
⚠️ Truepill Data Breach — Over 2.3 million customers’ personal health information was exposed. | SEVERITY: HIGH | RESPONSE: Notification letters sent, lawsuits pending. MORE
-
⚠️ Toyota Ransomware Threat — Medusa ransomware gang hits Toyota Financial Services, demands $8 million. | SEVERITY: HIGH | RESPONSE: Systems taken offline, law enforcement engaged. MORE | MORE
-
⚠️MySQL Under Siege — MySQL servers are being hijacked by the ‘Ddostf’ botnet for DDoS attacks. | HIGH MORE
-
⚠️ Law Firm Ransomware — Allen & Overy hit by LockBit ransomware, possibly exploiting CitrixBleed. | SEVERITY: MEDIUM | RESPONSE: Affected a few storage servers, no major data loss reported. MORE
15 Minutes Is All It Takes To Be Up And Running With Automox
Stop wrestling with manual work, complexity, and limited insights across your endpoints.
This guy built an AI that takes screenshots from his camera and narrates the image in the voice of David Attenborough. SO CREATIVE. MORE | MORE
Google DeepMind’s AI just outperformed traditional weather forecasting for the first time, predicting up to 10 days ahead with higher accuracy than traditional techniques. The AI, called GraphCast, surpassed the European Centre for Medium-range Weather Forecasts in 90% of the 1,380 metrics evaluated, including temperature and wind. MORE | MORE
Tesla is building old-style drive-in diners with tons of services available. This is the thing I like about Sam and Elon; they’re trying things, making things, doing things. I can’t stand Elon on Twitter most of the time, but he’s a lot more human and kind in interviews, and I love that he’s creating. MORE
YouTube is going after AI-generated content by requiring labels on videos that might mislead viewers into thinking they’re real. The new policy will apply to videos that are either altered by AI or entirely synthetic, especially if they cover sensitive topics like elections or health. MORE | MORE | MY PIECE ON AI INFLUENCE LEVEL
Google’s paying 36% of its search revenue from Safari to Apple, according to recent court testimony. No wonder Apple’s ok with not doing their own search engine. Seems to be working out pretty well for them. MORE
Amazon has cut hundreds of jobs in the Alexa department. Not sure what that means exactly, but I can tell you it doesn’t say good things for the adoption of voice interfaces on smart speakers. It looks like Benedict Evans continues to be right in our debate about how quickly voice interfaces would be adopted. I argued they only had to get “so good”, and then they’d take off. Perhaps they just haven’t hit that point yet. MORE
Sweden is planning a ‘massive expansion’ of nuclear energy to secure energy independence and combat climate change. The move includes constructing new reactors and extending the life of existing ones. MORE
Young Americans are increasingly siding with Palestinians over Israelis. A new survey shows a 7-point drop in overall sympathy for Israel since October, with only 54% of U.S. voters now more sympathetic to Israelis compared to 61% previously. Among voters aged 18-34, sympathy for Israelis has significantly shifted, with 52% now expressing more sympathy for Palestinians, and a significant 66% disapproving of Israel’s response to recent Hamas attacks. MORE
Exxon Mobil is jumping into lithium production in Arkansas, eyeing the booming electric vehicle battery market. I think this is extraordinarily smart. It’s not just electric vehicles, but batteries in general are about to be massively needed. What better way to hedge against oil’s decline? 4D chess, these people. MORE | MORE
Hate speech targeting Jews and Muslims has surged online, linked to the Israel-Gaza conflict. Researchers found a significant increase in antisemitic and anti-Muslim comments on platforms like Facebook and Instagram, fueled by recent tensions. MORE | MORE
Homeschooling is surging in the U.S. Experts originally thought it was just a pandemic blip, but the Washington Post reports that homeschooling, covering over 60% of school-age kids, continued to grow through the 2022-23 year. In my mind it comes down to the loss of trust in institutions. People simply aren’t trusting the schools to teach kids what the parents believe. MORE
I’m about to show you simply the coolest Vim Setup video ever created. Like by a factor of 35X. Unspeakably brilliant. I’m like inspired after watching this. Watch the video to love Vim more. To improve your dotfiles. To get into Vim. To want to be an artist. To want to move to Japan. To be a better person. Just watch the video. Trust me. MORE
🔥⚒️ privateGPT — A tool for interacting with documents using GPT models privately, without data leaks, even offline. | by imartinez MORE
⚒️ Open-Source Threat Intel Feeds — A GitHub repo offering structured, free-to-use threat intelligence feeds for better security monitoring. | by Bert-JanP MORE
⚒️ Awesome-GPTs — A comprehensive list of GPT models on OpenAI, including a specialized model for navigating and recommending GPTs based on user queries. MORE
⚒️ HackerArt GPT — A GPT by my buddy Joseph Thacker (rez0) that makes you super cool hacker profile pics and art. | by Rez0 | MORE
⚒️ Screenshot-to-code — Turn screenshots into HTML and Tailwind CSS with AI, using GPT-4 Vision and DALL-E 3 for image generation. | by Abi Raja MORE
⚒️ CVE Watcher — A tool for spotting CVEs before patches are released, helping you stay one step ahead of vulnerabilities MORE
⚒️ Ahref — A tool for monitoring SEO health, understanding backlinks, and analyzing traffic-driving keywords. MORE
⚒️ Hallucination Leaderboard – tracks how often language models make stuff up when summarizing text. | by Vectara MORE
⚒️ ASCII-Gen — Turn your images into ASCII art with this Rust-based command-line tool. MORE
⚒️ Free Burp Collaborator — Learn how to set up your own Burp Collaborator for free using Cloudflare Workers. | by Gabriel Schneider MORE
🔎 AI Decision Making— Using ChatGPT with mental models like First Principles Thinking, Second Order Thinking, and Regret Minimization Framework to make better decisions. MORE
Meta brings us a step closer to AI-generated movies MORE
🎵Google’s new AI music creation tooling MORE | MORE
How to Stop Spam Calls on iPhone MORE
How to Keep Your Bank From Closing All Your Accounts MORE
✍️ More people should write MORE
We don’t do DST at this company MORE
🔥My favorite new developer / creator MORE
People think white AI-generated faces are more real than actual photos MORE | MORE
GPT-4’s Abstract Reasoning Gap MORE
More Americans believe crime in US is becoming ‘extremely’ serious MORE
Teens don’t want Android MORE
TikTok is becoming a very popular news source MORE
Melatonin Overuse in Kids? MORE
Pesticides are being linked to infertility MORE
The Discoverability Dilemma MORE
The gang crisis in Sweden MORE
iPhone is getting RCS, finally… MORE
Sony Unveils Its Full-frame Global Shutter Offering — The Alpha 9 III MORE
Amazon Now Sells Cars MORE
RECOMMENDATION OF THE WEEK
The best Vim setup guide I’ve ever seen, but more than that—it’s the best setup guide PERIOD that I’ve ever seen. It’s just a brilliant way to present content, full stop. MORE
❝
Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing.
Hellen Keller
UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.
So if you know someone weird like us, please share it with them. 🫶