Unsupervised Learning Newsletter No. 301

News & Analysis

STANDARD EDITION | Ep. 301 | Monday: October 4, 2021

SECURITY NEWS

600 journalists combined efforts to investigate a massive network of offshore banking and shell companies that allows the world's most rich and powerful to hide their assets from authorities. This includes heads of state, other politicians, and celebrities. It's being called The Pandora Papers, and includes around 12 million documents from law firms and various media outlets. More

CISA has released a tool to help organizations combat insider threats. It helps companies assess their insider risk and determine what they need to set up a program. More The Tool

NSA and DHS say foreign attackers are attacking VPN systems, and they have provided new guidance on how to lock them down. More Guidance

YouTube has blocked all anti-vaccine content. More

China has sent 77 planes into Taiwan's defense zone over the last two days. More

Thousands of Coinbase customers had crypto stolen due to account takeover. The attackers used a flaw in Coinbase's SMS-based MFA to send themselves authentication tokens. More

Rob Joyce, director of cybersecurity at NSA, says almost every country has an offensive cyber capability. More

Neiman Marcus sent a breach notice to 4.3 million customers. More

Vulnerabilities:

  • QNAP patched critical vulnerabilities in QVR software. More

  • fail2ban has an RCE vulnerability. More

Companies:

  • Cloudflare is getting into email security by offering SPF and DKIM, as well as email routing that lets you control and consolidate email addresses. More

  • Cyberinsurance firm Coalition raises a $205 million Series E. More


TECHNOLOGY NEWS

Cloudflare is launching an object storage service to compete with S3, and they're calling it R2 because it's "one less than S3". Its main claim to fame so far is that, unlike S3, it will not charge customers for egress traffic. More

PWC says all 40,000 US employees will be able to work remotely forever. More

TikTok now has a billion monthly users. More

The US Army has funded a sleeping cap that cleans the brain. It works by controlling the flow of fluid that is believed to cleanse the brain while we sleep. More

Deepmind can predict the location, extent, movement, and intensity of rain 89% of the time—out to around 90 minutes—which is significantly better than any other model. More

Companies:

  • DNA-based data storage platform Catalog raises $35 million. More


HUMAN NEWS

When listeners pay close attention to stories, their heart rates synchronize. More

Many countries are struggling to keep up with surging energy needs resulting from the COVID economic recovery. Energy prices are high in Europe, China, and the US due to increased demand and a supply that isn't keeping up. There is speculation that this may have been a contributing factor to China banning cryptocurrencies. More

Researchers at Mount Sinai have found that EKG results can indicate which patients are more likely to decline and die from COVID, up to several days in advance. More

Britain is struggling with shortages of fuel and food, especially in rural areas, due to the effects of Brexit. The issue is complex, but Brexit essentially made it more difficult for immigrants to work in the country, so many of them left. And it turned out that those immigrants were the ones doing most of the truck driving that was getting things like fuel and food from one place to the next. So Britain basically said they didn't want the immigrants there, while most also didn't want to do the jobs those immigrants were doing. And now they're suffering the consequences. More


CONTENT, IDEAS & ANALYSIS

Podcast Setup Update (October 2021) — A short write-up on my new—and likely to be relatively static—podcasting setup at the new place. More

Pelosi Capital Management — An investment strategy based on buying whatever Nancy Pelosi buys. I'm bothered I didn't think of this. Or more specifically, I'm bothered I didn't ask the key question behind it. "What entity has access to the best possible investment advice at the top of the food chain, yet also has to disclose their investments publicly?" That would have revealed the answer of "Congress." Shame on me. More The Twitter Account

Systems vs. Goals — This is a very good piece about how you need both systems and goals to be successful. This is a strike-back at books like the one from Scott Adams, where he says systems are far better. I think the answer is somewhere in-between. For day-to-day, month-by-month, systems are far more important. But for planning, goals are more important. The key then is 1) ensuring that you have both, and 2) ensuring that your system is helping you achieve your goals. So it's not a competition; it's an interaction. Like diet and exercise. Or mental and physical health. That being said, if I had to choose, I'd probably choose systems because—assuming it's a system that keeps you healthy—you're more likely to be able to find your goals using it. Versus having no system and a bunch of theoretical goals that you never took action on. In that situation you can wake up in your 50s and realize you haven't done anything. So I'd say that's worse.

NOTES

A Brief Defense of My Own Podcast — I want to take a moment to defend my podcast from continued attacks from a particular individual. And that person is…me. I just realized that every time I show someone my podcast, or get asked about it, I always lead with how it's dry or sterile or whatever. But really useful! Through some other reading I've come to identify this as negative behavior, and there's a simple test to see how bad it is—I'd never talk about someone else's podcast in this way, at least not without also highlighting its strengths as well. Yet here I am having never once described why anyone should listen. So let me do that. My podcast is not the most exciting, and it's not the funniest, and this is on purpose. First, excitement and humor are difficult to do consistently, and they're really bad when they go wrong. Second, they simply add bulk to the product. Then there's the fact that excitement and humor usually involve multiple people on the show. That's really hard to do, especially consistently over multiple years. The more people the more chance for someone not to show up, not to have a good show, etc. So, my formula is simple: a concise, dependable show format, delivered by me alone, pretty much as quickly as possible. I also recommend you listen at 1.5-2.5x. At that speed you get a pretty damn good summary of security, tech news, and goings-on in the world—in around 10 minutes. Plus regular helpings of original thought about the stories and their impact on society. The reason I make this show is because if it already existed I'd be a fan. It's the show I wish were available somewhere else. So, yes, you lose some things with this concise and direct format, but I would argue that the value makes up for it. So, yeah, that's why you should listen to this, which is weird since you already are. And if you ever hear me bad-mouthing my own show, do me a favor and slap me.

I just created two different versions of the podcast—one for members and one for everyone else. The standard version stops after the first three news sections for even episodes, while the member version has all the other sections as well, including Content, Ideas, and Analysis, Notes, Discovery, and the Recommendation and Aphorism of the week. The goal was to stop giving the entire show to everyone via audio when members subscribed to get access to that same content. So basically, on odd episodes, everyone gets the full podcast and newsletter. And on even episodes, members get the full podcast and newsletter, while non-members don't get the newsletter and the podcast is an abridged version that doesn't include the analysis and discovery portions. Let me know if you have strong feelings about this, and even better just subscribe so you won't notice.

I've been asked a few times what content goes in my Ideas section vs. the Discovery section. Simple—bolded items in the Ideas section are links to my own full essays. Non-bolded entries in the Ideas section are my own thoughts or analysis on something, but in short form right there as a single paragraph. And cool ideas from others, with no analysis, are links in the Discovery section. Hope that helps!

Currently reading Jordan Peterson's latest book. I'm a 70% fan of Peterson. I love and respect him. But I often disagree with his positions. And his writing is hard to consume. Still, I find him genuine and entertaining, and most of all—working from good faith.

I just bought The Wires of War. A serious contender for the next UL book of the month, I think. More


DISCOVERY  

/r/netsec's Q4 Hiring Thread More

Where Have All the Sex Scenes Gone? More

Always Multiply Your Estimates by π More

Pelosi Capital Management — An investment strategy based on buying whatever Nancy Pelosi buys. More

Don't ask to ask, just ask More

Someone took a new Rivian electric truck into the mountains for a review. More

"google" is the most-searched word on Bing. More

Big Orgs Are Broken Due to the Prisoner's Dilemma More

Workers are leaving Zoom to go back to the office, where they get back on Zoom. More

Securing Your Git Commits Using FIDO2 Keys More

10 Types of Web Vulns That Are Often Missed More

tmux & ch.sh More

FAV/E — Utilizes NIST CVE to find vulnerabilities and exposures based on various criteria. More


RECOMMENDATIONS

If you like Star Wars or Anime, to any degree, you must check out Episode 1 of the new Disney+ series called Star Wars Visions. It's without question the best Star Wars thing I've ever seen. Can't say more.


APHORISMS

"We reach each stage of our life as a novice."

~ Nicolas de Chamfort