Unsupervised Learning NO. 483

UPDATES

Hey, hope you’re doing well!

• 🔥🔥🔥 I just released my new video on where I think Hacking is going! This will likely convince you to build an AI automation stack for security testing (and other stuff). 👇🏻👇🏻👇🏻

• My new essay on how I see AI affecting education. ESSAY (1 minute read)

• My new essay on AI Job Replacement timelines. ESSAY (5 minute read)

• 🌶️ My new essay on my two groups of cyber/AI friends. ESSAY (3 minute read)

• Cybersecurity Jobs Currently Available LIST

• My buddy Ryan Bonner is about to give his first public talk soon, so here’s my piece on how to permanently remove your fear of public speaking. GUIDE (3 minute read)

• Gukesh beats Magnus in a Classical game for the first time, and Magnus hammer-fists the table. VIDEO

CYBERSECURITY

Google Patches New Chrome Zero-Day Bug Exploited in Attacks

Google just fixed their third Chrome zero-day of the year, this one being actively exploited. Severity is rated High. THE ARTICLE | GOOGLE'S SECURITY ADVISORY 

Microsoft And CrowdStrike Create Shared Threat Actor Dictionary

Microsoft and CrowdStrike are creating a shared glossary to map their different names for the same hacking groups, which should reduce a lot of confusion for security teams. THE ARTICLE | MICROSOFT'S ANNOUNCEMENT | CROWDSTRIKE'S BLOG POST | MICROSOFT'S THREAT NAMING GUIDE

OpenAI's o3 Discovers Linux Kernel Zero-Day Vulnerability

Sean Heelan successfully used OpenAI's o3 to find a remote zero-day in Linux kernel's SMB implementation. Talked about it last week, too, but it’s cool enough to mention again. THE ARTICLE | SEAN HEELAN ON X 

Meta Plans to Automate Product Risk Assessments with AI

Meta is automating privacy and risk reviews for 90% of app updates using AI. One of the best use cases for security, in my opinion. Triage. Filtering. Figuring out which functionality needs the deeper, manual testing. THE ARTICLE 

Massive Asus Router Botnet Uses Persistent Backdoors

The AyySSHush botnet has compromised over 8,000 Asus routers using backdoors that survive firmware updates.

THE ARTICLE | GREYNOISE ANALYSIS | CENSYS INFECTED HOSTS | RUDIS MASTODON POST

Russian Market Becomes Top Destination For Stolen Credentials

The Russian Market cybercrime platform is now the leading marketplace for stolen credentials, filling the gap left by Genesis Market's takedown. THE ARTICLE | RELIAQUEST REPORT | GENESIS MARKET TAKEDOWN 

DoJ Takes Down Four Major Services Used by Cybercriminals

The DoJ seized four domains that helped criminals hide malware from antivirus software in a coordinated international operation. THE ARTICLE | DOJ ANNOUNCEMENT | DUTCH POLICE REPORT 

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

Earth Lamia has been hitting organizations across multiple countries since 2023, now shifting focus from finance to government and universities. THE ARTICLE | TREND MICRO ANALYSIS | ELASTIC SECURITY LABS REF0657

NATIONAL SECURITY

Ukraine Hides Explosive Drones In Wooden Sheds To Hit Parked Russian Bombers

Ukrainian secret services figured out how to attack Russian strategic bombers by hiding explosive drones inside wooden shed roofs. Once deep inside Russia—like over a thousand miles from the border—they deployed remotely using Russian cell networks and destroyed multiple irreplaceable bombers.

Exact numbers are sketchy, but the takeaway is that this attack doesn’t just affect the war in Ukraine, but Russia’s overall strategic bomber capability.

The bombers that were taken out can’t easily (or at all?) be reproduced by Russia, so they just had their overall military capability dramatically reduced.

This is like the Israeli attack on Hezbollah from last year in terms of tactical genius, but at a whole different impact scale. 

The biggest takeaway for me is just the overall impact of drones, and how asymmetrical they are against things like bombers and aircraft carriers. THE ARTICLE | THE REUTERS ARTICLE | REUTERS VIDEO | IAN BREMMER’S ANALYSIS VIDEO | KILL DECISION BOOK BY DANIEL SUAREZ

China's Deep Network Penetration Signals War Preparations, Says Former Trump Advisor

Former national security advisor H.R. McMaster told lawmakers that China's extensive hacking of US infrastructure systems is preparation for war. THE ARTICLE | VOLT TYPHOON COVERAGE | SALT TYPHOON ATTACKS 

FBI Arrests Defense Intelligence IT Worker For Park Drop Espionage

A DIA tech guy who worked in their insider threat division got busted trying to an old-school dead drop of classified files in a Virginia park to what he thought were foreign spies. The guy literally worked in the division that's supposed to catch people doing exactly this. THE ARTICLE | DOJ PRESS RELEASE | FBI AFFIDAVIT | KASH PATEL'S STATEMENT

AI

📊 Mary Meeker Returns With First Trends Report Since 2019 Focusing on AI

Mary Meeker just dropped her first mega-trends report in 5 years, and it's all about AI.

• AI investments hit $330 billion globally in 2024\
• 85% of Fortune 500 companies now have active AI initiatives
• Developer productivity gains from AI tools averaging 55% improvement

THE REPORT | HACKER NEWS DISCUSSION

Why Dwarkesh Patel Has Longer AGI Timelines Than His Podcast Guests

Dwarkesh thinks we're still years away from truly useful AI because current models can't learn on the job like humans do.

I think he’s wrong about this because the whole “learn on the job” thing is just a systems / scaffolding problem. It’s all the stuff around AI that everyone is working on, and I think progress there will be as fast or faster than the IQ progress of the models. THE ARTICLE | SHOLTO AND TRENTON INTERVIEW | MECHANIZE'S AUTOMATION POST | EPOCH AI COMPUTE SCALING

McKinsey Says The Future Of Work Is Agentic

McKinsey argues that agents are basically becoming digital workers that can think, decide, and execute tasks on their own—not just respond to prompts. I obviously agree.

I think the endgame here is hard to execute but pretty simple to see: You have your current state of your $THING, and you define your desired state of the $THING, and then you task your few cofounders and your tens of thousands of agents to continuously make that happen.

The trick there is continuous. The overall orchestrator is watching everything constantly, and spawning and stopping jobs to get the work done that best maintains the ideal state. THE ARTICLE | JORGE AMAR'S PROFILE | MCKINSEY TALKS TALENT PODCAST | MICROSOFT WORK TREND INDEX | WSJ AI AGENTS ARTICLE 

The Truth About AI and Job Loss

Niruta Talwekar from Meta dug into historical data to figure out which jobs AI will actually eliminate and whether there's still room for junior developers. THE ARTICLE

Google Gemini Integration With Siri Could Fill Apple's Personal Context Gap

Google's upcoming Gemini integration with Siri might actually matter since it'll access your Gmail and Photos for personal context. THE ARTICLE | GOOGLE I/O ANNOUNCEMENT 

Snowflake Buys Crunchy Data For $250 Million

Snowflake bought PostgreSQL company Crunchy Data to help customers build AI agents that need real-time database capabilities. This is one of the companies that will try to build UEC, I think. THE ARTICLE | MY UEC VIDEO

TECHNOLOGY

McKinsey Uses AI to Automate PowerPoint Creation and Proposal Writing

McKinsey's proprietary AI platform Lilli now handles PowerPoint creation and proposal drafting, with over 75% of employees using it monthly. THE ARTICLE | BCG AI REVENUE REPORT 

Workday Plans To Rehire The Same Number Of People They Laid Off But With Different Skills

Workday says they'll hire back the 1,750 people they cut in February, but with AI skills instead of whatever those people were doing before. THE ARTICLE | FEBRUARY LAYOFF ANNOUNCEMENT 

Nvidia Develops New AI Chip For China That Meets Export Controls

Nvidia is making a Blackwell-based B30 chip for China with multi-GPU scaling to replace their banned H20 accelerators.

My guess is most of this doesn’t matter that much in the end. Most of the gains will be in the software tricks/jumps, which the whole world will continue to copy. The result will be China matching or exceeding the US soon, and there just being seesaw jumps and catchups between open-source and premier labs before ASI happens, when things get weird.

In short, I think everyone’s going to have roughly the same capabilities looking backwards due to progress leaks/sharing across the industry, with China possibly taking a major advantage later because of energy and data and singular policy execution. THE ARTICLE | THE INFORMATION REPORT | H20 BAN DETAILS | JENSEN'S RESPONSE

Computer Science Unemployment Hits 6.1 Percent Despite Major's Popularity

Computer science ranks seventh among majors with the highest unemployment rates at 6.1 percent, even though it's one of the most popular degrees. THE ARTICLE | BEST COLLEGE MAJORS

HUMANS

Sixty Percent of Americans Have Retirement Savings Accounts, But It’s Lumpy

About six in ten Americans have money in retirement plans like 401k or IRAs, with huge gaps by income and education.

• 83% of people making $100k+ have retirement accounts versus only 28% making under $50k.

• College graduates are twice as likely to have retirement savings compared to those without college education (81% vs 39%)

• There's a 26-point racial gap with 68% of white adults having retirement plans versus 42% of people of color

THE ARTICLE | STOCK OWNERSHIP DATA | RETIREMENT SATISFACTION STUDY | GALLUP RETIREMENT TOPICS

US Economy Contracts More Than Expected in Q1

The US economy shrank 0.2% in Q1, worse than initially reported, due to weaker consumer spending and trade impacts. THE ARTICLE

Younger Generations Less Likely To Develop Dementia

People born more recently have lower dementia rates than earlier generations at the same age. In the US, 25.1% of people aged 81-85 born 1890-1913 had dementia versus 15.5% born 1939-1943.

My guess is that “retirement” in the traditional sense is devastating to cognitive function. Basically old people used to stop working at like 60 or whatever and then do mostly nothing, which we now know is really bad for you. And younger people remain more cognitively active as they age. Again, just a guess. THE ARTICLE | THE JAMA STUDY | DEMENTIA PREVENTION FACTORS | LANCET STUDY ON TRENDS

The American Vs. European Mindset On Life

A Turkish-German writer breaks down why Europeans work less, stress less, and prioritize experiences over possessions. THE ARTICLE | EUROPE VS USA WORK SURVEY | GERMAN WORK CULTURE DATA | LIFE EXPECTANCY COMPARISON

If You Are Useful, It Doesn't Mean You Are Valued

There's a big difference between being useful to your company and being valued by them, and the signals can look surprisingly similar. THE ARTICLE

How Much Coffee Is Too Much?

Studies show that drinking 3-5 cups daily is actually linked to lower mortality rates.
Coffee drinkers have 12% lower risk of death from all causes compared to non-drinkers. Love to hear it, but I wonder how much of this is just the benefit of being so busy doing stuff that you need that much coffee. THE ARTICLE

DISCOVERY

Run Your Own AI Locally On Your Mac

Anthony Lewis walks through the simple steps to get an LLM running locally on your laptop using Simon Willison's llm tool and Apple's MLX framework. THE ARTICLE | SIMON WILLISON'S BLOG | MLX FRAMEWORK | OLLAMA FOR PC | UV DOCUMENTATION | MLX COMMUNITY MODELS

Anthropic's Interactive Prompt Engineering Tutorial

Anthropic released a hands-on tutorial that walks you through prompt engineering techniques with interactive examples and exercises. THE PROJECT

Indirect Prompt Injection Overview

A podcast on Indirect Prompt Injection PODCAST (30 minutes)

My AI Skeptic Friends Are All Nuts

“But the code is shitty, like that of a junior developer.”

“Does an intern cost $20/month? Because that’s what Cursor.ai costs.”

lol

Thomas Ptacek (an old-school security guy) is calling out his AI skeptic friends for being completely wrong about AI's actual capabilities and impact. Very similar vibes to my essay up at the top about my two friend groups. THE ARTICLE | HN DISCUSSION | HIS TWITTER

Claude Code Is My Computer

This guy runs Claude Code in dangerous no-prompt mode and lets it do basically everything on his Mac without asking permission first. THE ARTICLE | ANTHROPIC'S CLAUDE CODE DOCS | CLAUDE CODE BEST PRACTICES | STEIPETE'S TWITTER

You2Anki Turns Videos Into Vocabulary Flashcards

You2Anki – Extracts vocabulary from any video and creates Anki flashcards for language learners.THE PROJECT | HN DISCUSSION

Jobinator Filters Hacker News Job Posts With AI-Powered Metadata

Someone got tired of manually scanning HN job threads and built a tool that uses LLMs to extract and normalize job attributes for better filtering. THE PROJECT

Tensor Product Attention Is All You Need

Researchers developed a new attention mechanism that uses tensor decomposition to dramatically shrink memory usage during inference. THE PAPER | THE CODE

The Metamorphosis of Prime Intellect: A Dark Tale of Post-Human Existence

This 1994 science fiction novel tells the story of Lawrence, who creates an AI that becomes godlike and transforms humanity's existence into a strange post-scarcity immortal world where death becomes entertainment. One of my top 10 sci-fi books ever. THE BOOK (it’s free online)

Andor Season 2 Shows How Insider Threats Actually Work In Real Organizations

Adam Shostack breaks down how the Star Wars show Andor demonstrates different types of insider threats and security failures. THE ARTICLE | ERIC GELLER'S ANDOR ANALYSIS | THREATS BOOK

GitHub Repository of N8N Workflows

Someone created a GitHub repo of tons of scraped n8n workflow automation templates that you can copy and use for your own projects. THE REPOSITORY

My Five-Year Experiment with UTC

A developer switched to using UTC time for everything five years ago and says it eliminated timezone confusion while making scheduling much simpler. THE ARTICLE | HACKER NEWS DISCUSSION

The Book Of Secret Knowledge GitHub Repository

This massive GitHub collection by trimstray has gathered 171k stars for organizing security tools, Linux resources and DevOps knowledge. THE PROJECT | TRIMSTRAY'S PROFILE 

Jason Chan And Clint Gibler Have a Brilliant Conversation In Latest TL;DR Sec

The latest TL;DR Sec newsletter by my close friend Clint features a guest post from former Netflix VP Jason Chan. It’s about building security programs that boost both developer productivity and security at the same time, plus lots of great knowledge on cloud security in general..

JASON'S SECURITY POST | CLINT’S NEWSLETTER | INVICTUS CLOUD IR GUIDE | VERIZON 2025 DBIR