UL NO. 460: CISA Exploded, The Chinese Telco Hack, Two Meta-skills
2024-12-03 04:18:19 Author: danielmiessler.com

SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.

Hey there!

My current TMUX windows

  • It’s that time of the year again! MAJOR NEOVIM and TMUX updates. This year I did lots of cleaning, added noice.lua to get some clean aesthetics (I especially love the visual search box popup), and a bunch of other goodies. Feels so good to do in December or January! Will do a blog/video on it soon.

My own Stratum 1 time server on the LAN!

  • My time server lives! Check out my snmp time.local.lan output 👆🏼

  • I’ve opened up my AUGMENTED course again for February of this year. This is going to be a very focused session on building out personal TELOS files. $495. RESERVE A SLOT

Sponsor

Gain Visibility & Control Over Risky Drive Sharing

Google Drive is where your team works and collaborates: it’s full of sensitive, critical information — and it’s growing rapidly. Sampling our Drive customers, we found that over approximately six months, the average Drive footprint grew over 800% and sharing of sensitive information increased over 500%.

Sharing and collaboration is key to your operations–but managing the risk that goes along with it is just as critical. Material gives organizations visibility and granular control over Drive behavior, that’s why our customers also saw risky sharing — like public exposure of confidential content — drop by 94% in the same time period.

SECURITY

Jen Easterly, CISA's director, will leave the agency on January 20 as the new administration begins. Sad. MORE 

💡She’s one of the best things that’s ever happened to public cyber. I was holding out hope that she would stay on. What a loss.

China has deeply compromised thousands of US telco networks according to Senator Mark Warner, who says the situation is way worse than SolarWinds. The Chinese group "Salt Typhoon" has established persistent access that may require replacing thousands of network devices, and they potentially accessed phone call data and wiretapping capabilities. MORE

💡Worse than SolarWinds. Deeply compromised telco networks. Add it to OPM, Marriott, and thousands of other hacks. Really tired of this.

Some are saying the compromise is so deep and nasty that it might require a whole rebuild to get them out. Which will take years, if it happens.

Meanwhile—they’re still our telco networks.

Volexity found Russia's APT28 compromising organizations physically next door to its real target in order to reach that target over WiFi. The attackers first password-sprayed the target's internet-facing services to obtain valid credentials; those services enforced MFA, but the target's WiFi did not, so they broke into neighboring organizations, found devices there within radio range of the target, and used them to join the target's WiFi with the sprayed credentials and move laterally. MORE

💡Great. Now we have to worry about who’s getting hacked next door as well.
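The credential step in the attack above leaves a distinctive footprint: one source failing against many different accounts, each a few times at most, rather than one account hammered repeatedly. The detector below, an added example and not Volexity's code or the attacker's tooling, runs that rule over a handful of constructed authentication log lines (the log format, host name and addresses are made up):

```python
"""Password-spray detector run over constructed authentication log lines.

Added example, not Volexity's code or the attacker's tooling. The log
format, host name and IP addresses are made up for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source tries many accounts once each (spray),
# one source hammers a single account (brute force), plus normal traffic.
SAMPLE_LOG = """\
2024-11-20T10:00:01Z vpn-gw auth: FAILED user=alice src=203.0.113.10
2024-11-20T10:00:14Z vpn-gw auth: FAILED user=bob src=203.0.113.10
2024-11-20T10:00:27Z vpn-gw auth: FAILED user=carol src=203.0.113.10
2024-11-20T10:00:40Z vpn-gw auth: FAILED user=dave src=203.0.113.10
2024-11-20T10:00:53Z vpn-gw auth: FAILED user=erin src=203.0.113.10
2024-11-20T10:01:06Z vpn-gw auth: FAILED user=frank src=203.0.113.10
2024-11-20T10:01:19Z vpn-gw auth: FAILED user=grace src=203.0.113.10
2024-11-20T10:01:32Z vpn-gw auth: FAILED user=heidi src=203.0.113.10
2024-11-20T10:02:00Z vpn-gw auth: FAILED user=admin src=198.51.100.7
2024-11-20T10:02:01Z vpn-gw auth: FAILED user=admin src=198.51.100.7
2024-11-20T10:02:02Z vpn-gw auth: FAILED user=admin src=198.51.100.7
2024-11-20T10:02:03Z vpn-gw auth: FAILED user=admin src=198.51.100.7
2024-11-20T10:02:04Z vpn-gw auth: FAILED user=admin src=198.51.100.7
2024-11-20T10:02:05Z vpn-gw auth: FAILED user=admin src=198.51.100.7
2024-11-20T10:03:10Z vpn-gw auth: FAILED user=alice src=192.0.2.8
2024-11-20T10:03:25Z vpn-gw auth: OK user=alice src=192.0.2.8
2024-11-20T10:04:00Z vpn-gw auth: OK user=bob src=192.0.2.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: (?P<result>FAILED|OK) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_password_spray(lines, window=timedelta(minutes=10), min_users=5):
    """Map src -> sorted distinct usernames for every source whose failed
    logins hit at least `min_users` different accounts within any span of
    length `window`. One account failing many times from one source (the
    classic brute force) does not trip this rule on purpose."""
    failures = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["result"] == "FAILED":
            failures[ev["src"]].append((ev["ts"], ev["user"]))
    alerts = {}
    for src, events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            users = {user for ts, user in events[i:] if ts - start <= window}
            if len(users) >= min_users:
                alerts[src] = sorted(users)
                break
    return alerts


if __name__ == "__main__":
    for src, users in detect_password_spray(SAMPLE_LOG.splitlines()).items():
        print(f"password spray from {src}: {len(users)} accounts {users}")
```

Only 203.0.113.10 is flagged: the admin brute force from 198.51.100.7 touches one account and alice's single typo from 192.0.2.8 is noise. Tune `window` and `min_users` to the service; sprays that pace themselves at one attempt per account per hour need a wider window and a separate look at whether the successes that follow arrive from an address or a WiFi segment the account never used before.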

Apple has rolled out urgent updates for iOS, iPadOS, macOS, visionOS, and Safari to fix two zero-day vulnerabilities that were exploited in the wild. CVE-2024-44308 is a JavaScriptCore bug that allows arbitrary code execution from malicious web content, and CVE-2024-44309 is a WebKit cookie-management flaw that enables cross-site scripting. MORE

Wiz is acquiring Dazz for $450 million to boost its cloud security offerings, especially for developers. Damn. Dazz only just launched and has already been acquired. Nice job. MORE

The Danish Navy detained the Chinese bulk carrier Yi Peng 3, suspected of damaging undersea telecom cables in the Baltic Sea. The incident occurred in Danish waters, with the ship reportedly sailing over cables between Finland, Germany, Sweden, and Lithuania. MORE 

Sponsor

The Complete Guide to Credit Card Fraud and Prevention

Fraud tactics are becoming ever more sophisticated - but real-time data and applying the most up-to-date best practices can help protect your business. Learn the latest credit card fraud methods to help your team anticipate and counteract threats.

→ Implement intelligence-driven prevention strategies

→ Build fraud resilience

Download the guide to learn more.

CrowdStrike says a China-linked group it calls Liminal Panda has been targeting telecom networks in South Asia and Africa since 2020, abusing telecom interconnection and signaling protocols such as SIGTRAN and GSM to get into providers' networks and collect subscriber intelligence. MORE

CISOs can now get professional liability insurance from Crum & Forster. The new policy protects CISOs from personal liability, covering consulting work and even pro bono security tasks. MORE

Google's OSS-Fuzz project, using LLM-generated fuzz targets, has found 26 vulnerabilities, including an out-of-bounds memory access in OpenSSL (CVE-2024-9143) that had gone unnoticed for about two decades. MORE

Google blocked over 1,000 pro-China propaganda sites that were posing as legitimate news outlets. The sites were run by four Chinese PR firms that Google tracks together as "Glassbridge". MORE

Researchers found Russia is using AI to scale up its disinfo campaigns, with a focus on creating fake Western personas to spread anti-Ukraine narratives. They're seeing more sophisticated tactics like using AI-generated profile pictures and coordinating posts across multiple platforms to appear more authentic. MORE

AI / TECH

AWS just added automatic testing of RAG setups and LLM-based model evaluation to Bedrock, which lets you quickly test different RAG configurations without needing human reviewers. The evaluations look at things like correctness and helpfulness, with scores from 0-1 and natural language explanations for the results. MORE

Anthropic released the Model Context Protocol (MCP), an open-source protocol for connecting AI models directly to data sources like Google Drive and GitHub. The protocol lets AI assistants pull live data from business tools and development environments instead of being isolated, with Block and Apollo already integrating it and companies like Replit and Sourcegraph adding support. MORE

💡This is very much in line with what I’ve been building for the last couple of years with Fabric and my own internal tooling. Basically, everything is microservices and data sources, and they’re all modular. I think that’s where everything is going.

OpenAI is reportedly planning to develop a web browser to compete with Google Chrome, integrating ChatGPT and search features. MORE

Llama 3.1 405B is now blazing fast on Cerebras Inference, hitting 969 tokens per second—12x faster than GPT-4o and 18x faster than Claude 3.5 Sonnet. MORE 

💡This alternative hardware stuff is just insane. These are custom chips, similar to Groq, that run inference extremely quickly.

My opinion isn’t formed yet, but I’m wondering how much of the future of AI is building models vs. inference, and I think I’m very much leaning towards inference.

Microsoft has quietly built the largest enterprise AI agent ecosystem with over 100,000 organizations using its Copilot Studio. At the Ignite conference, they announced support for 1,800 large language models in Azure and unveiled autonomous agents that work with minimal oversight. MORE 

Salesforce plans to hire over 1,000 people to support their new AI product Agentforce, which automates customer service, sales, and marketing tasks. The tool costs $2 per agent conversation and is already being used by companies like OpenTable, Saks, and Wiley. The company's stock hit a record high of $322.81 on the news, up 2.5%. MORE

💡Both Microsoft and Salesforce are going heavy on Agent frameworks, tooling, and products. Especially the Salesforce stuff. It’s basically a full platform for automating people’s jobs.

They look cute in the picture, though, so they’re probably harmless.

I’m not mad at them, by the way. This is inevitable. I’m just worried for people and feel like screaming into my fist when I see how blatantly this is being built right in front of us, with most people being completely unaware.

Meta is using large language models (LLMs) to speed up incident response, achieving 42% accuracy in identifying root causes in its web monorepo. The approach cuts mean time to resolution (MTTR) from hours to seconds by surfacing likely culprits early in an investigation. MORE

Nvidia just announced Fugatto, their new AI model that makes music from text prompts. The name stands for Foundational Generative Audio Transformer Opus 1, and it lets you either describe the music you want or upload existing audio to work from. MORE

40% of LinkedIn articles may be AI-generated, with tech and marketing having the highest rates. Researchers analyzed 10,000 LinkedIn posts and found consistent patterns in AI content, including longer articles and specific linguistic markers. MORE

Apple is reportedly working on a new AI-powered version of Siri, called "LLM Siri," to compete with ChatGPT and Google's Gemini Live. This upgrade will make Siri more conversational and capable of handling advanced tasks, like interacting with third-party apps and summarizing text. MORE 

Zoom drops "Video" from its name as it pivots to being an "AI-first work platform." The company is trying to move beyond its pandemic-era video conferencing success by launching comprehensive workplace tools to compete with Microsoft and Google. MORE

Meesho is handling 60,000 daily customer calls in Hindi and English using existing LLMs combined with custom components for local context. The system cuts call costs by 75% and resolves 95% of queries without human intervention. Insane stats! MORE

OpenAI's Sora text-to-video model has been leaked by early testers who claim they weren't fairly compensated for their work. The leak appears to be a protest against OpenAI's treatment of creative contributors. MORE

Tesla is set to launch V4 Supercharger stations next year, offering up to 500kW charging for EVs and 1.2MW for Tesla Semi trucks. These new stations will feature longer cords, CCS connectors, and physical payment terminals, making them more accessible for various EV brands. MORE 

Google faces its most serious legal challenges ever, with multiple antitrust cases that could force dramatic changes to its core businesses. The DOJ wants Google to sell Chrome, Epic won a case to open up the Play Store, and another case targets Google's $237.9B ad business. MORE 

HUMANS

Young doctors are flocking to dermatology because it pays extremely well and has great work-life balance. The average dermatologist makes $438,000/year, works 40 hours a week, and rarely has to take call, while other specialties like emergency medicine require nights, weekends, and holidays. MORE

A Wired article explains how to get better at dealing with uncertainty and making predictions. The piece focuses on practical ways to improve forecasting skills, drawing heavily from intelligence agencies and "superforecasters" who are good at calibrating probabilities. MORE

The gaming industry is seeing widespread layoffs and studio closures as players spend less on new games and stick to established titles like Fortnite and Call of Duty. Over 14,000 games have been released on Steam in 2024 already, surpassing 2023's total, while established games take up 92% of total gaming time. MORE

Denmark plans to plant 1 billion trees and convert 10% of farmland into forests over the next 20 years to cut fertilizer use. MORE 

A Pew report reveals that 21% of US adults, and nearly 40% under 30, now get their news from influencers instead of traditional media. MORE 

A data scientist challenges the assumption that employee performance follows a normal (Gaussian) distribution, arguing it actually follows a Pareto distribution where low performers are 3x more common than high performers. The analysis shows there's no statistical basis for firing the bottom 10% of workers annually, and companies should focus on addressing genuine hiring mistakes rather than forced rankings. MORE

MIT is making tuition free for undergrad students from families making under $200K. If you can get in. Which most can't. The solution is to make elite education basically free, not to give a couple more people a chance. MORE

Japanese fiction sales are exploding in the UK, making up 43% of translated fiction in 2024 so far. The boom started with surrealist authors like Murakami and Yoshimoto in the 90s, but has evolved into three main categories: literary fiction from female perspectives, crime novels, and "comfort books" featuring cats and cafes. MORE

Medicare is paying vastly different prices for identical drugs depending on how they're administered. The same medications cost way more when given in hospitals vs. doctor's offices or at home. MORE

Barnes & Noble is making a comeback with plans to open 60 new stores this year, including 12 this month. After nearly going bankrupt, they're adopting an indie bookstore vibe and letting each location tailor its offerings to the community. So happy about this! MORE 

IDEAS

The new Meta Skills?
I think the new meta-skills might be Creativity and Judgement. Let me explain. Imagine you’re sitting in front of a computer with a super-intelligent AI system that works for you. It can make anything. Any art. Any program. Any company. ANYTHING. When you’re no longer limited by execution, the questions become quite interesting. The first question is: What do you tell it to make? And the second question is: How do you know when it’s done? Both of these require that you understand the world. You have to know the difference between good and bad versions of things. You have to understand problems, and solutions. They require that you basically know a lot, about a lot of different things. It takes us back to classical education—like Grammar, Dialectic, and Rhetoric. What I’d argue is real education, as opposed to training to be a corporate employee. In other words, to survive this AI push we might need to become generalist autodidacts—with our own specializations of course. MORE

Onsite or Remote?
It’s strange how some companies and people are so much better when the team is all onsite in a single location, and others are so much better when they let people work remote. I think it comes down to this: if you’re a young, feisty startup with lots of young, A-player talent, it’s probably better to be all in-person in a single location. No exceptions. And it seems like anything else it’s best to have flexibility. Because once there are multiple offices, the benefits of going in disintegrate quickly. MORE

It's surreal that we're about to walk into a Bird Flu pandemic for one reason alone:

People are TIRED of pandemic talk.

So we're about to break the global economy again, kill lots of people, all because pandemics are "annoying". x.com/i/web/status/1…

— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler)
11:47 PM • Nov 29, 2024

DISCOVERY

"Who's Hiring in Tech?" — A Twitter bot (@careergus) has been monitoring and archiving tech job posts from Hacker News' "Who's Hiring?" threads since 2019, building a dataset of over 100,000 job postings. MORE

A fascinating analysis shows how the internet's BGP table changes over a single day, with 1,087,828 total updates captured during the 24-hour period. MORE

ssh-artwork — A fun tool that puts a pattern of your choosing into an SSH key's randomart (the ASCII-art rendering of its fingerprint that ssh-keygen prints) by regenerating keys until the fingerprint's walk draws what you want. MORE
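What the tool is brute-forcing is deterministic: OpenSSH turns the fingerprint bytes into a "drunken bishop" walk over a 17x9 board, and the picture is just the visit counts. The following added example (mine, not ssh-artwork's code) reproduces that walk from OpenSSH's sshkey.c, computes the SHA256 digest the way ssh-keygen does from a constructed authorized_keys line (the 32 key bytes are hash output, not a real Ed25519 key), and simulates the tool's search loop by drawing random digests instead of running ssh-keygen:

```python
"""OpenSSH randomart (the "drunken bishop" walk) plus a toy search loop.

Added example, not the ssh-artwork tool's code. The walk follows the
algorithm in OpenSSH's sshkey.c. The key blob is constructed (the 32 bytes
are hash output, not a real Ed25519 key), and "regenerating a key" is
simulated by drawing random digests instead of running ssh-keygen.
"""
import base64
import hashlib
import random
import struct

FLD_X, FLD_Y = 17, 9
SYMBOLS = " .o+=*BOX@%&#/^SE"   # visit count 0..14, then S(tart) and E(nd)


def randomart_field(digest):
    """Return the 9 rows (17 chars each) of the randomart for `digest`.
    Every digest byte encodes four 2-bit moves, least significant pair
    first: bit0 is the x step, bit1 the y step (0 = -1, 1 = +1). The
    bishop is clamped to the board and each visit bumps the cell's count."""
    field = [[0] * FLD_X for _ in range(FLD_Y)]
    x, y = FLD_X // 2, FLD_Y // 2
    for byte in digest:
        for _ in range(4):
            x += 1 if byte & 1 else -1
            y += 1 if byte & 2 else -1
            x = min(max(x, 0), FLD_X - 1)
            y = min(max(y, 0), FLD_Y - 1)
            if field[y][x] < len(SYMBOLS) - 3:      # saturate at '^'
                field[y][x] += 1
            byte >>= 2
    field[FLD_Y // 2][FLD_X // 2] = len(SYMBOLS) - 2  # 'S'
    field[y][x] = len(SYMBOLS) - 1                    # 'E' (wins if same cell)
    return ["".join(SYMBOLS[c] for c in row) for row in field]


def render(rows, header="[ED25519 256]", footer="[SHA256]"):
    """Add the ssh-keygen style border (title centering is approximate)."""
    top = "+" + header.center(FLD_X, "-") + "+"
    bottom = "+" + footer.center(FLD_X, "-") + "+"
    return "\n".join([top] + ["|" + r + "|" for r in rows] + [bottom])


def sha256_digest_of_key(authorized_keys_line):
    """OpenSSH's SHA256 fingerprint is the SHA-256 of the decoded key blob
    (the base64 field), so the randomart walks over these 32 bytes."""
    blob = authorized_keys_line.split()[1]
    return hashlib.sha256(base64.b64decode(blob)).digest()


def fake_ed25519_line(seed):
    """Constructed authorized_keys line with a syntactically valid blob."""
    pub = hashlib.sha256(b"not-a-real-key-%d" % seed).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + pub
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " example"


def search(wanted, max_tries=200000, rng=None):
    """What ssh-artwork does: keep generating keys until `wanted(rows)` is
    true. Returns (attempts, rows) or None. Real key generation costs far
    more than one hash, so the attempt count is the cost estimate."""
    rng = rng or random.Random(0)
    for n in range(1, max_tries + 1):
        digest = bytes(rng.getrandbits(8) for _ in range(32))
        rows = randomart_field(digest)
        if wanted(rows):
            return n, rows
    return None


if __name__ == "__main__":
    print(render(randomart_field(sha256_digest_of_key(fake_ed25519_line(1)))))
    hits = search(lambda rows: rows[0][0] == "E")
    print("bishop ended in the top-left corner after", hits[0], "attempts")
```

Two things fall out of running it. A digest of all zero bytes walks straight to the top-left corner and stays there, which shows why the picture is only a coarse visual check of a fingerprint: many digests share the same art, and a patient attacker can search for a key whose art resembles yours, so compare the full fingerprint string, not the drawing. And the attempt count from `search` is the honest cost of the tool's trick: each attempt here is a hash, whereas the real tool has to generate a fresh keypair per attempt.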

jsontr.ee — A new tool that lets you visualize JSON data as an interactive tree structure in your terminal, with support for collapsing/expanding nodes and searching. MORE

LaTeX.css — A new CSS framework that makes your website look exactly like a LaTeX document, complete with theorems, proofs, dark mode, and proper math rendering. MORE

SearchGPT Shortcut — You can now invoke ChatGPT in web search mode using Apple Shortcuts. So instead of going to LLM responses, it searches the web first. MORE

Amazon S3 Put-If-Match — S3 now supports conditional writes: a PutObject can carry an If-Match header holding the ETag you last read, and S3 rejects the write with 412 Precondition Failed if the object has changed since (there is also If-None-Match: * for create-only writes). This is huge for preventing lost updates and implementing optimistic locking in distributed systems. MORE
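The read-modify-write loop that this enables, as an added example and not AWS sample code: `FakeS3` is a constructed in-memory stand-in with S3's rules for single-part objects (ETag is the quoted MD5 of the body, a mismatched If-Match fails with 412, If-None-Match: * fails with 412 if the key exists), and `run_race` forces a second writer to land between the first writer's read and write, which is exactly the interleaving that loses an update without the precondition. Against real S3 the loop is the same with boto3's `get_object`/`put_object` and their `IfMatch`/`IfNoneMatch` parameters (assumption: a boto3 recent enough to expose them), catching a `ClientError` with HTTP status 412:

```python
"""Optimistic locking with an S3-style conditional PUT (If-Match on ETag).

Added example, not AWS sample code. FakeS3 is a constructed in-memory
stand-in that copies S3's rules for single-part objects: ETag is the quoted
MD5 of the body, a PUT whose If-Match does not equal the current ETag fails
with 412, and If-None-Match: * fails with 412 if the key already exists.
"""
import hashlib
import json


class PreconditionFailed(Exception):
    """Stand-in for the 412 PreconditionFailed error S3 returns."""


class FakeS3:
    def __init__(self):
        self._objects = {}              # key -> (etag, body bytes)

    @staticmethod
    def _etag(body):
        return '"%s"' % hashlib.md5(body).hexdigest()

    def get_object(self, key):
        """Return (etag, body); KeyError if the key does not exist."""
        return self._objects[key]

    def put_object(self, key, body, if_match=None, if_none_match=None):
        current = self._objects.get(key)
        if if_none_match == "*" and current is not None:
            raise PreconditionFailed(key)
        if if_match is not None and (current is None or current[0] != if_match):
            raise PreconditionFailed(key)
        etag = self._etag(body)
        self._objects[key] = (etag, body)
        return etag


def naive_update(s3, key, mutate):
    """Read-modify-write with an unconditional PUT: the last writer wins and
    any write that landed in between is silently overwritten."""
    _, body = s3.get_object(key)
    new_doc = mutate(json.loads(body))
    s3.put_object(key, json.dumps(new_doc, sort_keys=True).encode())
    return new_doc, 0


def cas_update(s3, key, mutate, max_retries=5):
    """Read-modify-write guarded by If-Match. On 412 the object changed under
    us, so re-read and re-apply `mutate`; return (doc, retries_used)."""
    retries = 0
    while True:
        try:
            etag, body = s3.get_object(key)
            doc = json.loads(body)
        except KeyError:
            etag, doc = None, {}        # create path: insist the key is absent
        new_doc = mutate(doc)
        new_body = json.dumps(new_doc, sort_keys=True).encode()
        try:
            if etag is None:
                s3.put_object(key, new_body, if_none_match="*")
            else:
                s3.put_object(key, new_body, if_match=etag)
            return new_doc, retries
        except PreconditionFailed:
            retries += 1
            if retries > max_retries:
                raise


def run_race(update):
    """Two writers on one object. Writer B is forced to land between writer
    A's read and A's write, which is exactly the interleaving that loses an
    update without If-Match. Returns A's result (doc, retries)."""
    s3 = FakeS3()
    key = "state.json"
    s3.put_object(key, b'{"counter": 0, "writers": []}')
    b_has_run = []

    def writer_b(doc):
        doc["counter"] += 1
        doc["writers"] = doc["writers"] + ["b"]
        return doc

    def writer_a(doc):
        if not b_has_run:                # sneak B in during A's first pass only
            b_has_run.append(True)
            cas_update(s3, key, writer_b)
        doc["counter"] += 1
        doc["writers"] = doc["writers"] + ["a"]
        return doc

    return update(s3, key, writer_a)


if __name__ == "__main__":
    print("unconditional PUT:", run_race(naive_update))
    print("If-Match PUT:     ", run_race(cas_update))
```

With the unconditional PUT the object ends as counter 1 with only writer a recorded; B's write is gone and nothing reported it. With If-Match, A's first PUT gets the 412, re-reads, re-applies its change on top of B's, and the object ends as counter 2 with both writers. Keep `mutate` idempotent and side-effect free, since it may run more than once, and bound the retries so a hot key degrades into an error rather than a spin.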

Text2Motion.ai — A new AI tool that lets you create animations just by describing them in text, similar to how you'd use DALL-E for images. MORE

rga — Ripgrep on steroids. It lets you search through PDFs, E-Books, Office documents, zip files, tar.gz archives, and more. It's faster than pdfgrep because it uses multithreading and caches text extraction. MORE 

ElevenLabs just released a podcast creation tool that turns text into complete audio shows. It takes blog posts, news articles, or scripts and produces a finished podcast with AI-generated voices and background music. MORE

Canon R1 vs Nikon Z9 vs Sony A1 II Camera Comparison — Chris Niccolls did a detailed shootout between the three top pro cameras, with the Canon R1 winning overall but each having specific strengths. MORE

RECOMMENDATION OF THE WEEK

When you’re thinking about what education your young family members need. Or your friends. Or yourself. Frame the question as a challenge of:

  1. What would they tell an all-knowing and all-powerful AI to make if they had full control of it?

  2. How would they know if it was finished making it?

#1 requires that they understand the problems in the world. That they know what should exist that doesn’t. #2 requires that they can tell the difference between high and low-quality things—which again—comes down to experience.

Focus on broad, world-model-building education that gives them both of these. I think this type of approach will ultimately make people the most resilient to AI replacement.

APHORISM OF THE WEEK

You can’t become great until you become consistent.

Alex Hormozi

Thank you for reading. Please forward to a friend and/or share on socials to help support the work.

🫶🏼

Daniel


Source: https://danielmiessler.com/p/ul-460