Unsupervised Learning NO. 478

Pliny's Jailbreak Repo, tRIOT as a blog post, Health Data Google Ad Leak, Protester Surveillance, How YouTube Won UGC, and more...

Hey, hope you’re doing well!

UPDATES

  • I put my 2016 book, The Real Internet of Things, online for free as a single blog post! I did this for a few reasons, but the main one is that if content isn’t online and available to AI it’s basically hidden, and that’s how I feel about books in general now. I want everything I read in Markdown! And it’s only around 17,000 words and 21,000 tokens, so you can read it in like 20-30 minutes. READ THE BLOG VERSION | GET THE BOOK ON AMAZON (I recommend the blog version. Vastly superior typography!)

  • Because people ask constantly, this week’s go-to models are: o3 and gemini-2.5-pro. Until recently it was largely Sonnet 3.7.

  • Upping the priority on reading The Alchemist, by Paulo Coelho.

  • Almost done with Manacled, a Harry Potter fan fiction book. It’s 370,000 words! Which is bigger than the first three books combined. ALL FORMATS

  • I’ll be at BSides SF this week, and RSA the week after. Come say hi! I’m an introvert and I might be introverting, but even if I am, I’m still me on the inside. And I’d love to say hello.

Sponsor

Is Posture Security A Match for the Modern Threat Landscape?

In the race between cloud attackers and defenders, time is the critical factor — and time increasingly favors the attackers.

Security teams take approximately 145 hours to resolve a single alert — far too late to prevent a breach. Meanwhile, attackers are now exfiltrating data nearly twice as fast as they did just 12 months ago.

The widening gap between attack speed and response time exposes a fundamental truth: traditional peace-time cloud security approaches are no longer sufficient in today's threat landscape.

CYBERSECURITY

ChatGPT 4.1 Jailbreak Prompts
A collection of OpenAI Jailbreaks by Pliny. One of the top guys doing jailbreaks, and I love that he just publishes them. LINK

Windows NTLM hash leak flaw exploited in phishing attacks on governments
Attackers are grabbing NTLM hashes from government users in a single click, without them needing to open the actual file.

“This exploit is triggered with minimal user interaction with a malicious file, such as selecting (single-clicking), inspecting (right-clicking), or performing any action other than opening or executing the file.” LINK

Blue Shield Leaked Health Info of 4.7M patients with Google Ads
A Blue Shield web misconfiguration quietly leaked health info on 4.7 million people to Google Ads for nearly three years. LINK

China Admitted Its Role In Volt Typhoon Cyberattacks On U.S. Infrastructure
China basically admitted they were behind those Volt Typhoon attacks hitting a bunch of U.S. infrastructure.

Shocked, I am. Shocked. But it says a lot that they’re no longer denying the activity. LINK

Sponsor

The Future of In-House SOC: Beyond Outsourcing

Why are enterprises bringing SOC operations back in-house despite staffing challenges?

This whitepaper examines how security teams balance control and coverage without expanding headcount, why traditional playbooks fall short, and how metrics like MTTC have become critical indicators of SOC effectiveness.

Explore the data-driven analysis of this industry transition.

AI to Create a Working Exploit Before Public PoCs Existed
Someone prompted GPT-4 with some commit diffs, and it built them a working exploit before any public code dropped. GPT-4 lined up everything—finding the bug in Erlang, writing the PoC code, even debugging when it failed initially. LINK

How Americans Are Surveilled During Protests
Governments are using phone data, drones, and cameras to make protesters trackable, even if you leave your phone at home. LINK

Shorter certificates are coming
TLS certificates are about to get a lot shorter, dropping from a year down to just 47 days. LINK

This 'College Protester' Isn't Real
A company called Massive Blue makes fake protesters to attract like-minded people online and gather intelligence for the authorities. “The system can create and maintain complex, believable online personas capable of sustained engagement.”

Maybe the simulation we live in is owned by writers for Black Mirror, and they made the universe to come up with episode scripts. Unlikely. Not impossible. LINK

NATIONAL SECURITY

ICE Is Paying Palantir $30 Million to Build ‘ImmigrationOS’ Surveillance Platform
ICE is paying Palantir to build them an AI-powered, almost real-time data tool for people that are self-deporting.

We’re reading Alex Karp’s book, The Technological Republic, for UL Book Club this month, and I had a very positive interpretation of the book, but this type of stuff still gives me the icks. I’m increasingly feeling like my radar for “finding the good in people who continually do bad things” is off, and I plan on spending a lot of time and effort fixing this. See: Elon, Rogan, Palantir/Karp, etc. More on this later. LINK

Booz Allen invests in Scout AI
Booz Allen is putting money behind Scout AI to upgrade how military robots work and think. They plan to expand robotics intelligence into ground, air, maritime, and even space military environments soon. LINK

TSMC to build 30% of its 2nm and more advanced chips in the U.S.
TSMC’s about to build almost a third of its most advanced chips in Arizona way sooner than expected. Sounds great, but it’s not clear to me how much of this is real vs. hype designed to please the current administration. LINK

AI

How to Massively Reduce Errors Coding with Cursor
Jason Zhou talks through how adding a few things to his Cursor setup dramatically reduced his errors and rework. “I reduced 90% of errors by simply adding a memory bank to Cursor.” LINK

ChatGPT will now use its ‘memory’ to personalize search results
ChatGPT can now pull in details from your past chats to make web search results much more tailored to you. LINK

OpenAI makes its push into coding tools
Looks like OpenAI might spend $3 billion to buy Windsurf, going directly after Cursor. LINK

I talked about that here in a response to Karpathy. Basically (as I talk about in TRIOT), your personal AI will become your go-between for everything.

OpenAI Puts Image Generation in the API
You can now plug ChatGPT's image creation straight into your own apps and tools. LINK

A Google Gemini model now has a “dial” to adjust how much it reasons
Google just added a slider to Gemini so you can basically dial up or down how much it "thinks" on each task. LINK

ChatGPT spends 'tens of millions of dollars' on 'please' and 'thank you'
Every time you type “please” or “thank you” to ChatGPT, it’s costing a ton of money. Makes sense. It’s extra tokens. But that’s also a lot of reasons not to kill us, so maybe worth it. LINK

AI has grown beyond human knowledge, says Google's DeepMind unit
DeepMind thinks AI will really take off once it gets to learn by living, not just reading. LINK | DEEPMIND PAPER "Welcome to the Era of Experience" 

AGI Is Still 30 Years Away – Ege Erdil and Tamay Besiroglu
So these guys went on Dwarkesh’s podcast and they basically think true AGI is a few decades out, not just around the corner. I think they’re nuts, but they’re surely smarter than me in multiple areas, and when smart people disagree with me I listen. LINK

Everything Wrong with MCP
A monster analysis on how MCPs are super powerful, but have a whole mess of security holes and limitations people aren’t really seeing yet. LINK

TECHNOLOGY

All Meta Ray-Ban Smart Glasses Getting Live Translation and AI Soon
Meta just made live translation work for everyone with their Ray-Ban glasses, and full-on live AI vision is next. This is the start of the AR part of the AI ecosystem we’ve been talking about! Love how fast Meta is moving here. LINK

AI Agents won’t be your moat
An argument that building AI agents won’t protect your business long-term because everyone else can just copy them.

I mostly agree, but lots of things have been copied that don’t do as well as the original. ChatGPT is still ChatGPT. Kleenex. I’m not sure how strong the analogy holds, but there is clearly some advantage to branding and muscle memory. LINK

Intel Cuts 20%
Intel’s about to drop more than 21,000 jobs in a massive attempt to reset itself under new leadership. Hard to say how much is NVIDIA, market, AI, economy, etc. LINK

Nvidia Is Willing to Deepen its Presence in China, CEO Says in Beijing
Huang went to China and said they’ll keep finding ways to support their market, even given the restrictions. Clearly hedging here given that China might be the winning side. LINK

The Size of Packets
Packet sizes on the public Internet basically haven't changed in fifty years, and 1,500 bytes is still the ceiling. Largely due to practicality and predictability, not perfection. LINK

HUMANS

“Most promising signs yet” of alien life on a planet beyond our Solar System
Astronomers using JWST just found strong possible biosignature chemicals in K2-18b’s atmosphere.

“Given everything we know about this planet, a Hycean world with an ocean that is teeming with life is the scenario that best fits the data we have.” — Prof. Nikku Madhusudhan, Cambridge LINK

Most Americans in new survey believe their job is meaningful to society
Apparently, 62% of Americans do feel like their work matters to society. Do believe? Or want to believe? That’s the question. LINK

American citizen detained under ICE hold in Florida
A US-born guy from Georgia got held by ICE in Florida because they thought he was undocumented, even though he had his birth certificate. We’re sitting in heating water here, and I don’t think enough people are watching a thermometer. LINK

People Are Grifting Off the Measles Outbreak—and Claim a Bioweapon Caused It
RFK Jr.-linked anti-vax groups are cashing in big with AI-made “measles cures” while spreading bioweapon rumors. LINK

Mark Manson is starting over with his podcast, avoiding trite content
Mark Manson’s calling it on his old show and kicking off a deeper, no-guests thing called ‘Solved’. “The guest treadmill, the pressure to play nice, the temptation to chase clicks—it all started to feel fake.” —Mark Manson

Love how he is willing to just table flip the whole thing and start over. LINK

Star Wars: Starfighter will feature Ryan Gosling
Ryan Gosling is starring in a brand-new Star Wars movie called Starfighter, landing in theaters in 2027. Please be good. LINK

DISCOVERY

Agentic Radar: A security scanner for your LLM agentic workflows
Agentic-radar — Scans your AI agent workflows for vulnerabilities and hands you a security report. * I’m an advisor for the parent company, and projects like this are why. LINK

Recursive LLM prompts
recursive_llm — Run LLM prompts that automatically call themselves recursively, so you can get way more complex results without manually chaining everything yourself. LINK

MCP on AWS Lambda with MCPEngine
You can now run MCPEngine models on AWS Lambda so you don’t have to worry about standing up the stack yourself each time. LINK

Hacker News Writing Styles
hnstyle — Compares writing style across Hacker News users. LINK

A Journaling App With Memory
Pensiv — This is a journaling app where the AI actually remembers your context and doesn't forget it. Basically TELOS files. LINK

Damn Vulnerable MCP Server
Damn Vulnerable MCP Server — A broken MCP server that lets you explore the various issues with the protocol. LINK

Dir2txt – Dump your project into clean LLM-ready text or JSON
dir2txt — This basically lets you turn your whole project tree into LLM-friendly text or JSON for processing by AI. LINK

A Map of British Dialects
A really cool interactive map that lets you hear how British English changes depending on region. LINK

How I blog with Obsidian, Hugo, GitHub, and Cloudflare
A write-up on how writing in Obsidian then publishing with Hugo and Cloudflare is stupidly fast and simple. LINK

I built an MCP server that does phone calls for me
voice-call-mcp-server — An MCP server that handles your outgoing phone calls for you. LINK

A life calendar to remind us how much time we have left to live
lifeisshort.fyi — Turns your lifespan into a calendar of weeks so you actually feel time passing. LINK

Separating work and personal config
How to keep my sensitive work configs out of public dotfiles using local overrides. LINK

Agents with n8n
Making AI agents with n8n that handle stuff automatically, but ask humans when it matters most. LINK

Neovim users: what AI tools are you using?
Neovim AI — Tons of new plugins let you embed everything from ChatGPT to Llama4 straight into your nvim flow. LINK

Web Based MCP Vulnerability Scanner
mcpscan.ai — A free web app that scans for vulnerabilities in MCP environments, super straightforward. LINK

MCP Run Python
An MCP server that lets you safely run Python code in a browser-like sandbox using Pyodide, managed via Deno. LINK

MEMBER EDITION TEASER

How Did YouTube Eat TV? Maybe It Was UGC
YouTube has turned into this sort of default, planet-wide TV, replacing news and entertainment for so many people. How did this happen?

Maybe the answer is that it’s simply the User Generated Content (UGC) platform that won. Basically the people who professionally made content in the past were too few, and their viewpoints were too similar. So there wasn’t nearly enough content, and the content that was made was largely identical.

This is similar to the Hail Mary that gaming companies have been hoping for from UGC for years. They can’t be spending years making worlds and NPCs and dialogue and stuff. It’s so expensive and time-consuming that they end up shipping very few games—that took years to make—which people finish within a matter of hours.

RECOMMENDATION OF THE WEEK

Make a list of people to constantly ping, and use conferences as a time to update that list. For example:

  • Sarah Meyer: Ping every quarter to see how her AI/Security startup is going, and ask about the horses

  • Anish Khan: Ping him every month about the music project. He said to harass him, plus he likes comparing AI tools

  • Etc.

And then put those slots on the actual calendar so it’s not another thing you forget.

Years pass like weeks now. Frequent small contact lets people know you’re thinking of them, and we need that more than ever right now.

APHORISM OF THE WEEK

When I had nothing to lose, I had everything. When I stopped being who I am, I found myself.

Paulo Coelho
