UL NO. 424: Raising Security's Floor

a look at the sponsor. Definitely helps the show. When you go through airport security, there's one line where the TSA agent checks your ID and another line where a machine scans your bag. Same thing happens in enterprise security, but instead of passengers and luggage, it's end users and their devices. These days, most companies are pretty good at the first part of the equation where they check user identity, but user devices can roll right through authentication without getting

inspected at all. And in fact, 47% of companies allow unmanaged, untrusted devices to access their data. That means an employee can log in from a laptop that has its own firewall turned off, and hasn't been updated in like six months or worse. That laptop might actually belong to a bad actor. Using employee credentials, collide finally solves the device trust problem. Collide ensures that no device can log on

to your Okta protected apps unless it passes your security checks. Plus, you can use Collider and devices without MDM like your Linux fleet contractor devices in every BYoD phone and laptop in your company, visit collider.com/unsupervised learning that's collide.com/unsupervised learning to watch a demo and see how it works. All right let's get into it. So some really cool patterns for

fabric this week. Got one called Create Better frame. So basically any place where somebody is putting forth an opinion about anything and it basically makes it so that when you send that thing in, it looks at the negative way to look at that content, and it looks at positive ways to look at that content, and that's the output that it produces and the negative ways to look at the content. It's actually like in escalating levels. So if it's about dating for example, it'll be like, oh,

the dating scene is really bad. And then it kind of like catastrophizing that. And the next one is like, I'll never find anyone in the last one is like, why go on living if I'm always going to be alone? So it's like negative frames of thinking that could be

generated from a given article or something. And what this does is it also adds the positive ones at the end and says, no, it's more like, okay, dating apps aren't very good, but the final one there is, look, I already wanted to prioritize in-person meet ups and relationships anyway, so this is just support. This article about bad dating apps is just support for the fact that I wanted more in-person connection anyway, so it's a positive frame for

a thing. So the idea here is that this can function essentially like a positivity filter, which eventually will be like a function of days. So that's why I'm super excited about this one. Next one is create Academic paper. So this one takes any bullet points article, essay or anything you've written and turns it into like a LaTeX formatted academic paper. And it's pretty cool. It works great. And you just paste it into like an online latex

renderer and you get the results. Okay. Next one here is summarize git changes, which is a great way to see and share updates on recent progress for a git project. Yeah, so really cool. So you basically just paste in the front page of a GitHub project and it outputs like exactly how to install it or whatever. Oh actually that's a different one. That's a different one. That is explain project is actually the one I just described. This one is different. This one is called summarize get changes and

this is the output from it. So you basically do this git log command. And that pulls out like 500 changes. And then it produces this type of a summary of the actual project. So it's like here are all the features we added like all that kind of stuff. Also thresholds first commercial product or Ul's first commercial product called

threshold is imminent. I'm already using it and making final tweaks now, and it's going to launch in preview, which means they're going to be like tons of updates in like the first couple of weeks and months, but can't wait to share this thing. Wrote a piece called Personal Eyes will mediate everything, and it's just talking about, you know, what happens when Daz, your digital assistants are actually doing all the interaction with the products around you. And this

is kind of like a picture of that. In fact, we'll just go and look at that real quick. So it's like if you look at this picture, you go into a city street or whatever, you're surrounded by thousands upon thousands of APIs, demons from the things all around you, all the people, all the different buildings, all the all the streets and the cars and everything. And, you know, like the the driver service or Uber or whatever. And all of these are actually like products, and you might

want to order some food or something. And it has a menu and that's a product. And normally you would be going there and looking at it and flipping through. And as a result, people build applications in a certain way. Right. And with AI happening, an API is happening and DHA is happening. Humans aren't going to be the ones going to the webpage. They're not going to be. Ones looking at the catalog, they're going to know our preferences. They're

going to be doing all the looking. And then what they're going to do is they're going to pull all this content back via the API, and then they're going to use your own preferred way of looking at things inside of AR, and that's going to be shown inside your glasses or your lenses or whatever the the modality is. So you're going to have your own preferred UI interfaces

that you just like the best. Like it might look cyberpunk, it might look solar punk, it might look minimalist, or it might look like super pretty and gaudy and extravagant or whatever. And that's going to be how you see things. But again, like all these are company APIs, right? And her Da is now looking at these things and parsing

all that information for her. So the real question is, as a builder of a product like Google or like a product catalog or like Amazon, what does it mean to your company if nobody's coming to the website because the Das are coming to the website and there's going to be separate third parties that do the display, and that's going to change a whole lot about product development. And I don't know, really the economy in general. All right. Had a really cool sponsored conversation with Jason Miller of

One Password. And, uh, he was the CEO at collide and is still over that product inside of one password. And that is the sponsor slot that we read earlier as well. So thanks to Callide for sponsoring and, uh, security. So got a set of deepfakes here. Actually I'm going to click on these, right. I mean, this is the advantage of doing video, right. So I'm going to show a couple of these. Um, this one is the most scary one to me.

global Snopes platform. So you get a bunch of people left people, center people, right people, and you build a platform that does like Snopes, which is like it tests internet claims and basically says, is it real or is it crap? And it could be like a collection point for arguments, right? So it's something like, okay, there's a video of Obama saying we're going to attack Mylanta. The video is currently being analyzed, and then you have like streaming in. You have oh, it's created by oh, looks

to be fake. So Fox News says, oh it's fake. Oh. And then says there's no evidence that it's fake. Also known as they believe it's real or they want you to believe it's real. See some analysis. They're like, oh, this is definitely a deep fake. And all these are links to go actually look at their analysis. Right. And Breitbart is like, no, he probably said it or whatever.

So current conclusion is, given all the evidence, we are almost certain and that this is a thing roughly similar to what the CIA has used in the past to assess likelihood. So it's a good sort of scale to use for how certain you are about a certain thing. So, um, almost certain that this is a deepfake. So this is the conclusion of the site, and you've got all the evidence up here of like all the different analyses, they've all been collected in one place. So some people are

just not going to believe it. I mean, they're going to believe whatever they want to believe about the video because of predetermined bias. But we need to have a service in which somebody can see somewhat objective analysis, somewhat multi subjective analysis. And then finally a verdict is this thing real or not. And it could be like chances about even we don't know impossible. We also need to put like we just don't know. There's got to be one of the options. But we absolutely need the service.

And Dan Kaminsky used to be fond of saying we have the technology right. We can actually build this if we want to. And basically the deepfakes are too good to not have this. In the election season 2024, they were supposedly a data leak of 71 million AT&;T customers are saying it wasn't them. Someone build a active in the middle attack using some Cloudflare worker stuff. Really cool

bypass of MFA against Microsoft accounts. Leaked documents about a hacking group that was going after like tons of foreign governments. Just really nasty thing. SpaceX is contracted to build a spy satellite network for US intelligence agency. So Elon is building spy satellites for the government. That's interesting. I mean, who better to actually get satellites in space? I don't know of anyone. Rohan Pandit modified lama to to unredacted

an email from Elon to Ilya. So, uh, yeah. Unredacted content. Interesting. Burglars are starting to use Wi-Fi jammers. Oh, actually, this. This is our second sponsor. Hardly strictly security. I'm actually doing a talk here, so shout out to them in that conference. Yeah. Burglars are now using Wi-Fi jammers to knock out security cameras, and evidently it's starting to happen more. I've got a few cases. I think this was in Chicago.

Fortinet has disclosed a critical SQL injection flaw. Fortinet has had some issues. All right. Technology. Stephen Howe gave Devin access to his work stuff, which I'm like, how do you do that? That's, uh, that's an agent with full access to your account. This is like I've been talking about. This is the number one threat from AI, in my opinion, is people giving too much power to agents that have access to really strong APIs, such as posting on slack

on behalf of the human right. So, Devin, is this really controversial thing. It's basically an agent that writes code. There's a million of them out right now. This one is particularly well packaged. They had a good launch interview, and I think that's why they're getting so much pushback. It's like it just launched. Well it got a lot of PR. So that's why people are more mad at it than other things that they don't know about. That's

my theory anyway. Um, it can basically do tasks. It sets out a thing of tasks it needs to do to like write an application or something. Right? Well, if it gets stuck, it can go and search many different avenues to try to get unstuck. One of the avenues that Steven Howe gave it was to go on slack. So it actually goes on slack. I'm going to click this, look at this, this thing. It goes on slack. And actually, um, posts in slack to ask a question that would solve

its problem. And it got back a response, and it used that response to go and continue writing code, got unstuck and actually finished the project. And yeah, I was talking about this like so much hate towards Steven. I'm not sure why there's a million different platforms doing something similar. And uh, Midjourney new character reference feature finally makes things look the same. So check this out. This is all from one prompt. So basically you can have the same

person in different settings. And uh, that was not possible before. So that's really really cool feature now in Midjourney uh open source grok. Not really. Um, in my opinion, the weights, the data and the full training methodology are used for saying that a model is fully open source and grok did not get there. They did not release the methodology or all of it. At least Co-variance is launching RFM one,

which is bringing ChatGPT like capabilities to robots. AI is big, robots are big, but the biggest is AI in robots. This I think might move faster than we think everyone is thinking. You know you can't crawl under a house, you can't look at the piping from an old house and actually figure out how to fix this, like a an electrician or a plumber. And if you've seen what I can do, you've seen what some of these robot demos can do. And then you see how nimble these

little things can be. And like the dexterity of their arms and their hands. Combine that with local models and or, you know, pinnacle models that are available via the cloud. I'm not sure that this thing can't take pictures or stream video of pipe fittings and washers and, you know, be able to use wrenches and all this different stuff. I'm not saying it's going to be easy. I'm saying we should not be so arrogant as to think it's invulnerable,

like we currently seem to be thinking it is. All right. Um, Finland has a giant sand battery to store heat in winter. I didn't know this was possible. That one really excites me. And the other one that excites me is I'm trying to figure out is storing energy in water upstream. I can't remember how this works. I think they store the water and then they release the water through like a turbine that the water moves through as it goes downhill.

Something about the gravity and potential energy of all that weight, I think. Anyway, another way of like generating and storing energy. Yeah. Nvidia getting into human robots. Yeah. This thing, it honestly reminded me of Black Mirror. I saw a video of this thing jumping up like 3 or 4ft high and just like instantly just going over this giant obstacle at the Nvidia event. And it was terrifying. Hong Kong is implementing a new Beijing driven, stringent security law that goes

after treason and other types. And it's got like life in prison, I think maybe even worse, maybe even death. I mostly saw life in prison, though. Midjourney is blocking AI images of Trump and Biden. US added more jobs than usual, but unemployment went slightly up to 3.9. That is such a low number, but it trips me out that that number does not include people who don't want to work. So I mean, if you counted that, I mean,

it would be a massive number. A really good thread here on Hacker News about experienced programmers not being able to find jobs, super strict policies at private schools in England, rigid routines and discipline. And this is for disadvantaged students to help them succeed. And they've had really good results.

I don't know, I feel like this is probably going to be a trend, not just for disadvantaged students, which I think it's great for, but for everyone really reminds me of, like those man camps that are happening right now in like, uh, Appalachia mountains where you go off and you do camping and hunting like all these other manly things. And it's because people want to build character, right?

And you can't build character when everything is easy. So these schools or these man camps or whatever, it's a way of like getting to like this resistance training, this calculated suffering that builds character. Uh, women are drifting more left and men are not. So there's like a bigger gap than ever. Former Boeing whistleblower, the I think I don't know if he was the 1 or 1 of them, but found dead amid a lawsuit and, uh, some drama

around that. And Toronto police are now saying, leave your car keys at the front door so that when people break in, because we're probably not going to be able to help you. Basically, when people break in, you want to make it easy for them to take your car and so they won't come in and hurt you. And I think this is like how you get Republicans elected because Republicans are going to be like, I got an idea. How about we shoot the the attacker? How about we

don't allow this to happen? How about we have more police so we don't just accept break ins. And this is how you get like more right leaning people eventually getting to to like far right people like we're seeing all over like Sweden and, um, you know, Scandinavian countries where you have like huge like migrant crime problems. And the left is like, no, immigration is fine, which of course it is. But it's like when you're not addressing the issues, you give the power of the truth to

the far right. And like liberals cannot do this. And if they do, they're going to be consequences. So I think we need to, you know, do some sort of hybrid of like, you've got to enforce laws strictly and then you have to be very liberal in trying to make it. So that doesn't happen in the first place. So conservative in some ways, liberal in other ways. Uh, recent Boing incidents have got a far right conspiracy going that diversity is causing intentional failures, and it's part of

a plot to undermine Western civilization and promote communism. I'm like, somebody explain this to me. That seems fringe. Using tap water in the neti pot is bad. So this is the thing that cleans out your sinuses, which I need to do again right now. I did yesterday, but you should use sterilized water for this. I use my reverse osmosis water from the filter. You do not want nasty stuff. You're shooting it up like very close to your brain. Like your sinus cavity goes way up inside your your head.

So you do not want stuff up there that's like alive or poisonous or whatever. And if you look at Huberman recent episode on water, he says tap water is nasty. He's he's like, I don't want to alarm people, but it is alarming. It is nasty what I found in these tap waters. So don't shoot that up into your brain. How about that? This analysis is saying people used to consume more calories without gaining as much weight. Skeptical, but thought it was worth sharing. Uh, fentanyl poisoning the leading

cause of death for Americans 18 to 45 fentanyl. What is going on? 2000 newspapers have closed since 2004, and car washes are popping up because, uh, they make a lot of money. All right. Ideas and analysis. Uh. Epiphany. Epiphany. What is that? Uh, that, um, that shows you I don't use AI to to write the newsletter. I wouldn't have made that mistake. Yeah. So last couple of months, I'm not going to go into this one. This this is a big topic by itself. Basically, I'm learning a

lot about the power of framing. And it's kind of turning into like a, you know, universal like unified theory for me for a lot of things. But worth a separate discussion. All right. Really interesting back and forth with Dino de survie about the cybersecurity flaw and sealing. This one is a deep one. I'm not going to go into it. You should definitely go check it out. If

these types of deep philosophical security things are your jam. Basically, I think security is so important to innovation in daily life in most situations, and that it falls to a minimum as a result. And basically we should guard our mental health against thinking people are steering us wrong and that's why we have low security. But in fact, where a lot of security people think it's a horrible situation, it's actually not that bad because if it were that bad,

we would have fixed it. If it were urgent, we would know because it would get fixed immediately. And if it's not fixed immediately, then it's not urgent. And there's just like, I don't know, it's it's my view of security at this point. Um. And doesn't mean you can't make progress. You absolutely can make progress. It's just that progress tends to happen slowly and reactively. And a lot of security people are really upset about. They don't realize that.

So they're very upset because they think something can be done when they don't realize that they're hitting the ceiling of the difference between what can be done and what needs to be done. And security by default is a very efficient thing. So I should probably write a piece and like name it something like that. I think I saw a comment like security efficiency theory set or something. So it's like security wants to be as efficient as possible, which is why it's easy to pick locks all over

the country and probably all over the world. It's because that is the exact point of security that you need to have for it to be somewhat useful, but not to be an overspend. And that magical point I'm arguing, is usually way lower than what security professionals think it should be. They think the bar should be way up here, and I think that's what Dino was talking about. Let's raise the minimum bar. And my whole point I said I wasn't going to go into this, but here we are.

My whole point was you can't move that bar. That is security's efficiency baseline. And it's determined by reality. It's not determined by what should be or what security people want it to be. And it's related to this framing thing. So we'll leave it there. All right. Really cool. You all meet up this week. Had a member named John just blow our minds about custom keyboards. And I now have one on the way. So I'm going to be

having my tinted, like side keyboard programmable. Really cool. And I ordered a kit from Jose and Martinez, so that should be fun. And Voyager one is one light day away from us and it still it keeps breaking. We're like, oh, it's finally dead, you know, salutes, hats off to you. And then it'll be like, I woke up. I'm okay, I'm okay, I'm okay. And we're like, how are you? Okay. It's like, what? I figured it out. We're okay. And they're talking about having to troubleshoot this thing from 24

light hours away. It roughly, it might be closer or further at this point, but roughly a day. How far away does the thing have to be for the speed of light, which is that fast? Eight minutes, by the way, to the sun, 45 minutes for Jupiter, and this thing is 24 hours away and we have to troubleshoot it. So imagine like a vim session and you're typing keys. And by the way, that's why a lot of the

commands are the way they are. I think Bill Joy created VI and it was for interacting with very distant things I think satellites. So you'd have this slight delay and low resources on each computer. Well, imagine when a keystroke. I imagine they batch things, but imagine a keystroke taking a day just to get there and a day to get back. And final thought on on Voyager one. What a hero. All right, discovery hack trails Golang client allows you to query security trails, API and do super useful

stuff for bounty hunters. And it's made by my buddy Luke. Uh, super cool guy. Open API Tui lets you interact with APIs with a terminal user interface, which I love. I stopped loving Captain Kirk. Really good piece. Solar punk is a new cyberpunk. Do It Now by Steve Pavlovna, one of the first pieces that I read on productivity. Uh, 2005 really takes me back that one minimal viable system. Ben Koon shares why and how to blog which skills are at least likely to be replaced by AI. Amanda

Haskell talks about why cloud three is so good. By the way, cloud three opus I'm only using opus. It is crushing GPT four in the most advanced tasks that I have, which is like deep analysis of like the most interesting and surprising ideas. So it's like the pinnacle. It's like the top end of the most difficult things for humans and AI to do, to pull out complex ideas and distill them from a corpus, an entire book

or an entire video or whatever. To be able to do that is the hardest thing that I've seen I do anywhere. And, um, at that type of skill, opus is crushing GPT four. I mean, it's like two or 3 or 4 times as good in. It's hard to measure that. So I'm making up those numbers. But intuitively, I feel like the quality of GPT four is somewhere, and this thing is like so much better now in most other tasks. Uh, GPT four is as good. Um, in some places it's actually still better than opus, but

and it's way faster. It's probably like three times faster, I would guess. Yeah. Really interesting to see opus doing so well. Spreadsheets as simulation tools. And the Getty has released 88,000 art images for anyone to use. Recommendation of the week. Let grow this thing. Oh this project. I love this project. Can I click this? It's about resilience.

Love this project. Okay. And the aphorism for the week I am not what happened to me, I am what I choose to become, I am not what happened to me, I am what I choose to become. Carl Jung Unsupervised Learning is produced and edited by Daniel Missler on a Norman 87 I microphone using Hindenburg intro and outro. Music is by zombie with the Y and to get the text and links from this episode, sign up for the newsletter version of the show at Daniel missler.com/newsletter. We'll see you next time.