UL NO. 462: Full-Face Mask Deceptions, VS Code Tunnel Hacks, Quiet AI Emergence at Apple, and Tokyo’s Three-Day Weekend Gamble

Dec 22, 2024 · 28 min · Ep. 462

Episode description

...plus building personal TELOS files, the ChatGPT Pro vs. Claude coding face-off, a human bird flu case in Louisiana, and ketones fighting Alzheimer’s.

➡  Make your app enterprise-ready and start selling to enterprise customers with WorkOS: workos.com

Subscribe to the newsletter at: 
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://twitter.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

See you in the next one!

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Transcript

S1

If you're building B2B SaaS, you probably want to sell to enterprises at some point. The challenge is that selling to enterprises requires you to support complex features like SAML, single sign-on, SCIM provisioning, audit logs, and fine-grained authorization that require months of development time and ongoing maintenance work. WorkOS solves this with APIs that are flexible and easy to use. It makes adding enterprise features to your app

a quick and painless process. WorkOS also has a user management solution called AuthKit that is free up to 1 million monthly active users. It comes standard with MFA, RBAC, bot protection, user impersonation and more. AuthKit is built with Radix components, which means zero compromises in design. You get limitless customizations and modular templates designed for quick integrations. WorkOS is already used by hundreds of fast-growing

companies like Cursor, Vercel, Perplexity and Sierra. Check it out at workos.com, that is workos.com. Welcome to Unsupervised Learning, a security, AI and meaning focused podcast that looks at how best to thrive as humans in a post AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond. All right, welcome to

Unsupervised Learning. This is Daniel. All right. So settling in for a couple of light holiday weeks trying to chill out as much as possible, reading a bunch of LitRPG. I don't think I'm going to play too much Path of Exile. It's like a religion. I've already got too many religions. I've got reading as a religion, I've got AI as a religion, got security work. I'm building a bunch of tech. I just I don't have time to

invest in getting good at PoE. It's just too intimidating. Plus, the little bit that I did play was mostly like hitting the space bar and dodging, way too much dodging. So don't think I'm going to be playing that any time soon. But I do watch other people play it, so that's kind of fun. Please go subscribe to the

YouTube channel if you're watching this on YouTube. That's probably kind of silly because you're probably already on the channel and hopefully you're subscribed, but always forget to promote that. So trying to remember. Wrote a piece for days. Been wanting to get out for a while. It's basically about how updated context is going to be like the centerpiece of vulnerability management, because the problem isn't finding vulns, it's actually fixing them. So go check that out and let's

get into security. So full face masks for facial recognition evasion. So realistic masks that you could put on. I'm going to open this up. This is why we do it live. Look at this thing. So it's like a stocking or whatever. But you put it over your face and then it kind of pulls to contort to your face, and look at that from a distance. That is not so bad. Not so bad at all. And look at all these different faces you got. So pretty cool. Yeah. Bruce Schneier

is the one I think I saw that from. But yeah, I'm curious. I'd love to see some testing done from the security community to buy a bunch of these. And then maybe if we have access to like a facial recognition system to see if we could get it to match someone else. I think the big thing is like, is it only visual or is there like an active component? I think, and I don't think most do have an active component. I know face ID does, but I think

most facial recognition does not have an active component. And what that would mean is like is something actually bouncing off your face, which would go through the stocking. So it'd be able to see like where your cheekbones are, where your chin is, and, you know, eyes, foreheads, stuff like that. That would seem to break the system or break the masks. But yeah, I don't I don't think most are doing that, but I'm not sure. Visual Studio

Code remote tunnel hacks. So some Chinese attackers are caught stealing VS Code's remote tunnel feature, or using the feature to hack IT service providers in South Europe. And China is starting to limit the sale of critical drone components to the US and Europe that are needed for Ukraine's fighting efforts. So this is all part of the trade war of us limiting their access to chips. So now they're limiting our access to key materials to actually build stuff,

and now they're limiting drone stuff. I really can't wait to get our drone systems up and running. I'm really worried that the any war, any conflict, hopefully not a major war, but any conflict that we have with China, it's going to be about drones, like aircraft carriers I don't think are going to be as big of a deal. I remember seeing a piece or like a series or something.

I was in the Army at the time, so this was like mid 90s and I was reading about this thing called the Assassin's Mace weapon, which is a Chinese concept, I believe, where it's like when you have an enemy that is much too big and powerful for you, you don't bring force against force. What you do is you bring some kind of weapon that is highly asymmetrical, that is capable of hurting this thing when regular force has

no chance whatsoever. And drones are that. And once again, I've recommended this multiple times, but I recommend you read the book Kill Decision by Daniel Suarez. It is fantastic and it's all about mini drones and implications and stuff like that. FBI has shut down Rydox, a cybercrime marketplace operating since 2016, and they arrested three Kosovo nationals who

were running it. Russian state-backed APT Gamaredon has been targeting Russian-speaking individuals with two Android spyware families called BoneSpy and PlainGnome, and it can record calls, capture photos and collect SMS messages. Yahoo cut 25% of its cybersecurity team, which is also known as the Paranoids, over the last year. The Paranoids are kind of OG famous in the security community, so kind of sad to see

them getting cut down. And I know the attrition has happened for a long time over the years, but I presented and taking classes over there in the facility that they were based out of. And yeah, sad to see kind of this old school kind of organization going away. Another run of Augmented happening in February. It's actually February 3rd of this coming year, and this is going to be a full discussion and workshop on building out your personal TELOS files and using AI to access them and

use them, manipulate them. So it is $495, but you get 25% off if you are a member and you can go and reserve a slot. I think they're still open, but you definitely want to check it out. Probably will be full soon. And if you become a member to get the discount, the discount is actually more than the cost of the membership. So really good time to become a member if you've been thinking about it. Super annoyed about the fact that ChatGPT Pro, which I use constantly,

is not as good, unfortunately, as Claude AI. I have more problems with it. It sends me down more rat holes. It doesn't follow my instructions as closely as Claude does, and it generally produces code that's not as good. The code quality is a little bit closer than the other aspects. What Claude does really, really well, and let's not frame it as ChatGPT Pro being bad. It's more like what Claude does really well is it follows your instructions and it responds like a human, and it's like

you're actually working with a coworker. So if you tell it, look, I only want one instruction at a time. This is one of my instructions. I only want one instruction at a time. Because oftentimes we're going to need to troubleshoot that. I have to go and run it and see if it works, and then let you know if it doesn't work. Claude follows that almost perfectly. And OpenAI or ChatGPT, it'll be like, okay, boom, here's seven more steps. So I'm scrolling to get back up to whatever. And I'm just like,

why did you give me seven steps? The thing before didn't work. I told you not to do this. And then we give me code and it's like, here's a little bit of code. And then at the bottom it's like, here's the rest of the code or insert the rest of the code. I said explicitly in the instructions not to do that. Also, here's the other instruction I gave it. And also to Claude. Write out files using echo and EOF,

which is end of file. That way I could just copy the thing and paste it, and it writes the file in my directory, as opposed to just giving me the raw code. Then I have to open the file delete paste close, which saves. So those extra steps Claude follows perfectly hardly ever misses that. And ChatGPT like 60% of the time misses it. So I'm really hopeful that ChatGPT is going to catch up and hopefully even get better.

But it's really annoying to pay $200 for a thing and have that thing not be as good as the thing that's free. Or I guess I'm paying the $20 subscription for Anthropic. Not even sure. But anyway, I'm not paying $200 for it and it's better. And this is Claude not even having shipped anything recently. I have a feeling when Claude ships its new thing, it's going to jump way ahead of Google and way ahead of ChatGPT, but I'm sure again it's just leapfrogs. Constant leapfrogs, and

I think 2025 is going to be even more. It's going to accelerate in the difference between one to the other. So I think Apple is actually doing exceptionally well on the AI front. Most people think that they're kind of way behind and Apple Intelligence isn't very good. The one thing I agree with is Siri is still massively broken, but it is getting better. But the thing I think that I realize that a lot of people don't, and keep in mind, I'm an Apple fanboy, so you got

to take that bias into account. I don't think it actually applies. In fact, I think it gives me a benefit here. But I do want to make it very clear that I am an Apple fanboy. So if I were to be wrong, that would definitely be part of the reason. Um, so I believe that Apple is building life OS and that they've been slowly and quietly adding AI to that. And they kind of have been for a long time. But with Apple Intelligence, you should never expect them to jump out in front and do something

crazy with their AI. That is just not the way Apple works. What they're doing, though, is they're adding education, they're adding health, they're adding, you know, the ability to see more and hear more with like the AirPods. They're just they're slowly incorporating more and more of our lives into their ecosystem. And the whole advantage of Apple, what they have over everyone else is how cleanly and in a unified way, they unify all their different ecosystem components

to work together. Okay. So that's what they're known for. That's what they're best at. That's what makes them so compelling. That's why everyone switches off of Android. Because when you have Apple stuff, the more Apple stuff you use, the better everything gets. Now add AI on top of that, which runs securely inside of the Secure Enclave or in their new secure cloud infrastructure that they built. It's going

to be insane. Absolutely insane. I mean, imagine an AI agent having full access to all your health data, and if you're a security person, you're probably freaking out about it. But with Apple, you actually don't have to freak out about it. I worked there for three years in security. I've been watching them security wise for over a decade before that, and I have never seen a company more crazy about doing security and specifically privacy really, really well

than them. And that's why also it takes them a little bit longer to do things, because they have to be very particular and meticulous about it. So people are saying, oh, they're going slow, they're being left behind. I assure you, they are not being left behind. And here's what I'm telling you to do. Let's have this conversation at the end of 2026, or even the end of 2025. What happens is their small little wins in the ecosystem world and also in the AI world on top of the ecosystem,

their small little wins slowly build. They build and build and build. And then one day some YouTuber is going to be like, wow, Apple just came out with all this amazing stuff. They really surprised us. Didn't surprise me, didn't surprise a lot of people who were watching Apple closely. It's slow, incremental, methodical improvements. Every little OS update that comes out, they tweak one little thing, which helps it work with these nine other things. Then they tweak nine

other things, helps it work with this other thing. And slowly it's not just improving each component, it's pulling the components tighter to work better together. So Apple is building life OS. Okay. Not work OS. Not, you know, personal OS. A unified life OS. That's mental health. It's health, it's fitness, it's career, it's creativity. It's all those things

unified together. The way I like to think about it is if you watch the most advanced sci-fi about an AI agent, something like Her, that is essentially what Apple is building. Okay. It's building something like Her. But imagine it more with like AR in addition, because that was mostly just voice. But imagine, you know, glasses or contact lenses. So you're seeing overlays. If you look at my, um, my piece, AI's Predictable Path, that is what AI is

going to look like. And I think Apple's going to get there first. Each component, they won't get there first, but having it all unified into a platform, into an ecosystem, they will get to that first. And then even when other people arrive, it'll be cleaner with Apple, which is why everyone will continue to use it. All right. Former OpenAI researcher who publicly criticized the company's data practices,

was found dead in his San Francisco apartment. Suchir Balaji, 26 years old, dead of suicide and a lot of conspiracy going around this. The one thing I will say about this I don't know anything about the case, you know, probably wasn't foul play. Just just from the math of it. When people are whistleblowers, which is what he was, what a lot of people don't realize is you are you

are shunning your community. You're taking somebody who's usually pretty powerful inside of your community, and you're basically blowing the whistle on them, which means they that big company or that big person kind of. I'm not saying OpenAI did this. I'm saying in general going back, you know, hundreds of years, this concept is that the community turns against you. You get looked at as like a rat or a a tattletale or a narc or something, and it's just like

it's very lonely. Like, the most dangerous thing right now is loneliness. Right. And I'm just projecting here. I'm just saying this is a common thing that happens with whistleblowers is they get ostracized, which is isolating, and it's stressful. That is, in my opinion, the most likely cause of something like this. But who knows? I mean, some conspiracies, sometimes, uh, whistleblowers are actually attacked. It doesn't mean it needs to be OpenAI. It could have been someone who is

friendly to OpenAI. Who knows? I don't know, but I just wanted to add that dynamic there. Y Combinator backed startup called Artisan is running ads all over San Francisco with slogans like "stop hiring humans" and "Artisans won't complain about work life balance." This is brilliant. Okay, first of all, the CEO says I did that on purpose. It was dystopian on purpose. We're not actually dystopian. Uh, don't believe you. I remember that thing from, uh. What

was it? I can't remember the name of it. It's, um, not Woody Harrelson. Damn it. What is this guy's name? Will Ferrell. Will Ferrell on? Um. Damn. What is the name of that? I can't remember the name of that damn show. Anyway, it's the one where he's a newscaster, and he's just like, I don't believe you. And that's exactly how I feel about this. I don't believe you. So I think he thought that was going to be cool. I don't know, maybe I'm not giving him enough benefit

of the doubt. Maybe he actually did it. It has dual purpose, right? When you do this, it makes people look and go, Holy crap, Artisans won't complain about work life balance. That's going to make a whole lot of people mad. All press is good press, right? So bad press, look, we're talking about it. A lot of people are talking

about it. So automatically they got attention. But even more sinister than that, there are a whole lot of hiring managers who are tired of humans complaining about work life balance, and they're tired of people not showing up to work, and they're tired of people doing half the work that they're supposed to be doing. And so this is actually an appeal to them directly as well, to fire your humans or stop hiring humans. So it's brilliant

in two different ways. And I'm curious if they're actually going to do well. ChatGPT can now analyze real time video through your phone's camera. Okay. ChatGPT has this. OpenAI has this. I don't know if Anthropic has it. I haven't messed with the Claude app that much. The actual static app, but, um, or the desktop app or phone app, it is unbelievable to pull up an AI, have a screen showing like I'm showing right now. And then to say to it, um, hey, do you see what I'm

looking at? Hey, do you see that code? Help me troubleshoot this thing over here. It's over here. Working and returning code for you. But what? But watch this. You didn't type anything. You're just talking. You're just talking. And guess what? You're actually hearing it. Come back and say things to you. So you are literally having a voice conversation essentially with a colleague. And that colleague knows everything about coding and is helping you code. But it's not

just coding. It can help you write or research or do whatever. And this is the end of 2024 that that shipped and that was from Google. This one is ChatGPT, works the same. I only got it working on my phone, though I haven't seen it on the desktop app because it's a lot more powerful on a

desktop when you can see all your screens. And I'm telling you, it is kind of like a ChatGPT moment from late 2022, when you could literally have a regular conversation with a thing that sees it's like it's over your shoulder, it's sitting next to you. This is where AGI starts to happen, where not quite, but where you have a colleague that understands everything you're saying and can just go and do general tasks. So hugely impressive. I recommend you go check it out. The one that's really

impressive is the Google AI Studio. Okay, Gemini two and agents. Yeah, this is what I was just talking about. Completely surreal to just talk to an AI that you can basically see your screen. So let's see if this one actually does it. Um, do they usually put it at the bottom. Damn it. Can't find it. All right. So this is basically what I was talking about. Uh, Gemini two. Okay. Now I really have to go find this thing. It's annoying me. Yeah, hopefully you can hear that. I can't

hear it, but hopefully you can. Yeah. So you're basically just talking to it. It's really cool. All right, next story. Exxon is building its first ever external power plant focused on AI data centers. This is insane. Exxon. They are so good at seeing the future and I'm very mad at them for many reasons. Well, like in the 1970s, they saw the future of carbon going up and they chose to bury that research. That's the thing that most makes me angry. But in this case, they're seeing the

future of AI needing power. So they are going into the business of providing AI data centers with power. They're starting a whole new branch of business. I mean, that is just absolutely brilliant. And like what is their stock? Yeah. Let's look at like I don't like this graph one day okay. All yeah that's ExxonMobil. Look at this. Since October 1st 2020 it was $33. And today it's $120. So they're doing okay. So yeah really

really smart basically providing power to AI. Yeah. So one is tracking health data in markdown files instead of apps. I love doing everything in text. So really, really enjoyed this article. CenterClick has released a line of GPS based server appliances. You know I got one. Even though I already have a time server, I got another one because I am stupid and this is actually fairly cheap. It's only like 250 bucks. Yeah, it was like 250 bucks.

So I will probably give the other one away. Whichever one I like the least, I will probably give away and I might end up keeping this one. It seems like the metrics might be a little bit nicer, but anyway, what it is, it's a time server. It's stratum one, which means instead, okay, stratum two is you're pulling from a stratum one. Stratum one is or no. Is it stratum zero? I'm going to pull mine up and have my IP address in there. Um, I can't remember if

it's stratum one is the one that goes to satellites. No, it's stratum zero is stratum zero I think. So basically the most direct one you can have okay. The absolute most direct one is you actually on on board these satellites. This is the GPS system manages. It's the most accurate time system in the world. It's 24 different satellites who have, um, I believe cesium clocks. Either cesium or the other one. I can't remember the other atom, but cesium is the

most accurate one. Their atomic clocks on the satellites. 24 of them. And they're in different orbit patterns. These 24 satellites, if you connect to them, give you the most accurate time that you can get on the planet, essentially, um, because all their clocks are synced and they're all working in conjunction and they agree on what the time is, and then they provide that time to the world. And this is how we have accuracy with GPS and everything.

So if you have a time server like time.com or whatever, that is usually a I can't remember if that's stratum one. Let me see okay. Stratum one. Yeah. Stratum one is the original one. It's the one that has access to actual satellites. So you see that S1 right there. That S1 means it's the stratum one server. So look at this. I am 0.001680 milliseconds off of the true time on the satellites. And if I do mine, which is time, I don't want to do it because it's got my

IP address in there. Not really a security risk, just kind of stupid to do on a video. But um, mine is even more accurate because it's actually running from my server room and it's got an actual antenna talking to actual satellites. I just love that I've always been obsessed with time. So bottom line, if you want to get into some super geeky time stuff for only like 2 or 300 bucks, you should get one of these things. They are super cool. Look at this United Airlines, which

is my favorite airline. They are adding share item location into the mobile app. So if you lose your luggage, you can actually add your link to your AirTag and help United find your bag. That is the coolest thing ever. YouTube is seeing massive growth in TV viewing, with sports content up 30%. Users watching over 400,000,000 hours of podcasts on TVs monthly. YouTube just absolutely killing it. Someone in Louisiana got a bird flu and they are hospitalized. I

actually heard a conflicting report. Somebody was saying or some report was saying 60% of people die. I've heard a lot of other people might have been this article that said a lot of people got better from it. So it wasn't like killing everybody. So maybe we don't have a pandemic, maybe we do. And it's more like Covid and it's not so bad because we have, you know, vaccines come out. I mean, we already have flu vaccines, so maybe, maybe it won't be so bad. I don't know,

don't really want to think about it, honestly. Tokyo is trying to increase births by giving its 160,000 government workers a four day workweek starting in April. I mean that the birth rate is down to 1.2 babies per woman, and they're trying to get that that back up. Um, expecting fewer than 700,000 newborns this year, lowest since records started in 1899. So they're trying to give people a

four-day work weeks. So basically a three day weekend. Hopefully, you know, go out, have a good time, uh, meet somebody and make a baby. Research shows ketones don't just provide energy to the brain. They actually help remove misfolded proteins. Okay, I actually have my buddy Danny gave me some ketone drinks. I don't know, a little bit cautious of that. I'm going to wait till the science is a little bit better. All right. Discovery. Stack Analyzer detects more than 500 technologies

in your code base. You basically point it to a GitHub repo, and it tells you all the different tech that it uses. All the different security talks at re:Invent. Thanks to Clint for showing me this link. And in a series of compression tests, Zstd consistently outperformed gzip and zlib across speed, compression and decompression efficiency metrics. And recommendation of the week: downtime, fiction, family, friends. Downtime, fiction, family, friends.

And the aphorism of the week. "Almost everything will work again if you unplug it for a few minutes, including you." "Almost everything will work again if you unplug it for a few minutes, including you." Anne Lamott. Unsupervised Learning is produced and edited by Daniel Miessler on a Neumann U87 Ai microphone using Hindenburg. Intro and outro music is by Zomby with a Y, and to get the text and links from this episode, sign up for the newsletter version

of the show at danielmiessler.com/newsletter. We'll see you next time.

Transcript source: Provided by creator in RSS feed