Unsupervised Learning NO. 490

Hey! Hope you’re doing well!

—

Found a new artist with EPIC music for coding/hacking to. Like the perfect mix of synthwave and something heavier. DANIEL DELUXE | RECOMMENDED STARTER ALBUM (no, it’s not me. 😂 Wish it were)

—

NEW AI / CODING VIDEO!!! 👇🏼👇🏼👇🏼

—

I’ve massively updated the website! (28.7 years of content!), added new pages, added a search feature, and just tons of minor upgrades: THE NEW HOMEPAGE | THE NEW ARCHIVES PAGE

—

I’ve been writing like a crazy person last few days!!!

This is probably my favorite post, which I used a new data visualization tool to make the charts for. So now I can make data visualizations in this style for any future post just by telling Kai, my DA, to pull a dataset and visualize it.

It’s D3 underneath, btw.

👇🏼👇🏼👇🏼 (someone please tell me they like the gif) (Midjourney, btw, using a prompt based on the entire article)

And a bunch of other more technical ones…

—

One reason I'm happy to be using a Chrome-based browser again is that I get to use my favorite extension, Vimium. My absolute favorite feature? / to search and then you can use n and N to move through the instances. THE VIMIUM EXTENSION PAGE

Microsoft SharePoint Zero-Day Hits 75+ Companies With No Patch Available

Microsoft's got a critical SharePoint zero-day (CVE-2025-53770) being actively exploited against 75+ organizations worldwide, and there's no patch yet—just workarounds like enabling AMSI or disconnecting from the internet.

THE HACKER NEWS STORY | MICROSOFT ADVISORY | MICROSOFT GUIDANCE | EYE SECURITY RESEARCH | PALO ALTO UNIT 42 | AMSI CONFIGURATION GUIDE

Fortinet Patches Critical SQL Injection Vulnerability in FortiWeb

Fortinet just fixed a nasty SQL injection bug (CVE-2025-25257) in FortiWeb that lets attackers run database commands without authentication, scoring 9.6 out of 10 on the Richter Scale. THE HACKER NEWS ARTICLE | FORTINET ADVISORY | WATCHTOWR ANALYSIS | EXPLOIT CODE

Google's AI Agent Prevented The First Real-World Cyberattack

Google's Big Sleep AI caught a SQLite vulnerability that was about to be exploited and stopped it before any damage happened. DIGITAL TRENDS ARTICLE | SUNDAR'S TWEET | GOOGLE'S BLOG POST | INVESTING COVERAGE | LIVE MINT REPORT | TIMESKETCH TOOL

Chinese Hackers Owned National Guard Network for Nine Months

Salt Typhoon stayed hidden in a U.S. Army National Guard network for nine months, stealing network configs and admin credentials that could help them break into other government networks across all 50 states. BLEEPINGCOMPUTER ARTICLE | DHS MEMO | NBC REPORT | CVE-2018-0171 | CVE-2023-20198 | CVE-2024-3400

Ring Brings Back Police Video Sharing Through Axon Partnership

Ring quietly reversed course and started letting cops request doorbell footage again, this time through Axon instead of their own app. THE VERGE ARTICLE | AXON ANNOUNCEMENT | BUSINESS INSIDER COVERAGE

Hyatt Supposed Uses AI Smoking Detectors That Listen For Vaping Sounds

Hyatt hotels are (possibly) installing these new detectors that use sound algorithms to catch people vaping in their rooms. Cool, but not ok. Generally, a microphone is a microphone. TWITTER THREAD | HN DISCUSSION

Surveillance Company Found Using New SS7 Bypass to Track Phone Locations

Enea researchers caught a Middle East surveillance vendor exploiting a new SS7 attack that bypasses carrier security protections to secretly track people's phones down to a few hundred meters. TECHCRUNCH ARTICLE | ENEA RESEARCH

npm Maintainers Got Phished and Malware Was Injected Into Popular Packages

Attackers phished npm maintainer credentials and used stolen tokens to inject malware into 5 popular packages like eslint-config-prettier without touching any source code. THE HACKER NEWS STORY | SOCKET'S ANALYSIS | PHISHING CAMPAIGN DETAILS | GITHUB ISSUE | PROTESTWARE REPORT | ARCH LINUX WARNING

Cisco Dropped Another Perfect 10 CVSS Bug That Gives Root Access Without Authentication

Cisco warned about CVE-2025-20337, a maximum severity flaw in their Identity Services Engine that lets attackers run code as root with zero authentication needed. THE HACKER NEWS ARTICLE | CISCO SECURITY ADVISORY | SHADOWSERVER TWITTER UPDATE | CENSYS ADVISORY | SHADOWSERVER DASHBOARD

China's Phone Extraction Tool Grabs Everything From Seized Devices

Lookout researchers found that Chinese cops are using a tool called Massistant that sucks up SMS, GPS, images, and even Signal messages from phones they confiscate at borders. THE HACKER NEWS STORY | LOOKOUT RESEARCH REPORT | MFSOCKET PREDECESSOR ANALYSIS | MEIYA PICO COMPANY INFO | TREASURY SANCTIONS NOTICE | MEIYA PICO PATENTS

Former US Army Soldier Pleads Guilty to $1M Telecom Extortion

Cameron John Wagenius, a 21-year-old Army soldier using the handle "kiberphant0m," pleaded guilty to hacking at least 10 telecom companies including AT&T and Verizon, stealing sensitive data, and extorting over $1 million while on active duty. SECURITY AFFAIRS ARTICLE | DOJ PRESS RELEASE | WAGENIUS INDICTMENT PDF | KREBS INVESTIGATION | PIERLUIGI'S TWITTER

Nvidia GPUs Are Now Vulnerable To Rowhammer Attacks

Researchers showed that Nvidia graphics cards can be hacked using Rowhammer bit-flip attacks, which is the first time anyone's pulled this off on GPUs. ARS TECHNICA ARTICLE | HN DISCUSSION

Nvidia Plans to Resume AI Chip Sales to China After Getting U.S. Government Approval

Nvidia CEO Jensen Huang says they're filing export license applications to sell the H20 chip to China again after previously being restricted by the U.S. government. THE INFORMATION REPORT

Microsoft Stops Using Chinese Engineers for Pentagon Work

Microsoft just said they're cutting off Chinese engineers from helping with Defense Department cloud systems after ProPublica exposed they were using "digital escorts" to supervise them. TECHCRUNCH ARTICLE | PROPUBLICA INVESTIGATION | HEGSETH'S X POST | SHAW'S RESPONSE

China Is Spending Billions to Become an A.I. Superpower

Beijing's throwing massive government money at their AI companies to catch up with the U.S., using their classic industrial policy playbook. I respect it, and I wish we were doing more of the same. NYTIMES ARTICLE

The Economist Explains Why AI Adoption Is Going Slower Than Some Expected

The Economist breaks down why AI is spreading slower than expected, pointing to factors like high implementation costs and organizational resistance to change. This is something I talked to Jason about quite a bit, and I think it's underestimated how much of an effect this is.

The way I explain it is that many corporations (maybe even most) are so messed up that you could literally bring them a giant green button made by God that fixes everything, and they would still fumble that. They would fail to get the right people in the room to have a meeting, there would be someone powerful in the organization who would lose a lot if everything was fixed and they would kill the implementation, etc. THE ECONOMIST ARTICLE | HN DISCUSSION

Netflix Uses AI For Visual Effects In Show For First Time

Netflix co-CEO Ted Sarandos says they used generative AI to create a building collapse scene in The Eternauts, completing it 10 times faster than traditional methods would have allowed. BBC ARTICLE | HOLLYWOOD STRIKE COVERAGE

OpenAI Just Released ChatGPT Agent That Does Multi-Step Tasks

OpenAI launched ChatGPT Agent that can handle complex workflows like analyzing your calendar, planning meals, buying groceries, and creating presentation decks by combining web browsing, research, and code execution in one unified system.

To me, this is all part of moving towards a full digital assistant with a personality that has a full memory and full context of you and all your preferences.

Memory and operator and all the various sub-products across multiple companies are moving in that direction. And I just wrote this post about that this week as well. DA AS THE FINAL DESTINATION FOR AI INTERFACES | OPENAI ANNOUNCEMENT | OPERATOR TOOL | DEEP RESEARCH | DARING FIREBALL POST

Scale AI Lays Off 200 Workers Right After Meta's $14 Billion Investment

Scale AI just cut 200 employees and 500 contractors a month after Meta invested $14.3 billion, with the CEO saying they "ramped up GenAI capacity too quickly." I read somewhere that it was in their data labeling department, which would make sense if they just figured out how to do that in a more automated way. TOM'S HARDWARE ARTICLE | THE VERGE REPORT | TIME REPORT

Human Beats AI at World Coding Championship Despite Being Exhausted

Some dude who was completely wiped out still managed to beat an AI model at the world coding championship, which makes me happy as a human. ARSTECHNICA ARTICLE | HN DISCUSSION

Delta's Using AI to Set Personal Ticket Prices for Each Customer

Delta's ditching standard pricing and moving to AI that sets different prices for each person based on their personal data and willingness to pay. This seems super ingenious, super obvious, and super f*cked up all at the same time. FORTUNE ARTICLE | MORNING BREW ARTICLE | HN DISCUSSION

Former OpenAI Engineer talks about what it's really like on the inside

Calvin French-Owen worked on Codex for a year and says OpenAI tripled to 3,000 people, creating total chaos but also magic launching power.

CALVIN'S BLOG POST | TECHCRUNCH ARTICLE | CODEX LAUNCH STORY | CURSOR COMPETITION

ChatGPT Usage Among Americans Doubles To 34% In Two Years

Pew Research found that ChatGPT adoption has doubled since 2023, with 58% of adults under 30 now using it regularly for work, learning, and entertainment. THE SURVEY | SURVEY METHODOLOGY | TOPLINE RESULTS | SURVEY QUESTIONS

China's Putting Data Centers Underwater

You Xiaoying reports that China's building a $223 million underwater data center off Shanghai that uses 30% less electricity than land-based ones. SCIENTIFIC AMERICAN ARTICLE | YOU XIAOYING'S PROFILE

FFmpeg Devs Hit 100x Performance Boost With Handwritten Assembly Code

FFmpeg developers just achieved a 100x speedup on a single function by ditching compiler-generated code for handwritten assembly, proving that old-school optimization still crushes modern compilers. Tally another win for humans ✊🏼. TOM'S HARDWARE ARTICLE | FFMPEG PATCH | FFMPEG ASSEMBLY SCHOOL

TSMC Building Four New Plants for 1.4nm Chips

TSMC's starting construction on four new fabs to manufacture 1.4nm processors. TAIPEI TIMES ARTICLE | HN DISCUSSION

Russia's Top University Now Offers A Master's Degree In Sanctions Evasion

Moscow's Higher School of Economics launched a two-year program teaching students how to navigate Western sanctions, complete with courses on crypto assets and cross-border compliance tricks. THE RECORD ARTICLE | HSE PROGRAM PAGE | COMPANY EXODUS DATA | SHADOW FLEET COVERAGE | DOJ CRYPTO CHARGES | UKRAINE CYBER ALLEGATIONS

YouTube Won The Battle For TV Viewers

YouTube now captures more TV screen time than Netflix, completely flipping how people watch “TV”. WSJ ARTICLE | HN DISCUSSION

Blood Tests Can Spot Cancer DNA Years Before Actual Diagnosis

Researchers found that liquid biopsy tests can detect circulating tumor DNA in blood samples up to two years before doctors would normally catch the cancer through traditional screening methods. SCIENCE NEWS ARTICLE | HN DISCUSSION

Recent Male College Graduates Hit 7% Unemployment While Female Grads Stay at 3%

Edward Conard shows that young male college grads now have the same unemployment rate as guys without degrees, while women grads are doing fine. THE ARTICLE | HN DISCUSSION

Chess Players Are Making Serious Money Now

Chess tournaments are finally paying real money with million-dollar prize pools as the game adapts to faster formats for streaming audiences. MORNING BREW ARTICLE | POST MALONE FIST BUMP | CNN INTERVIEW

Nicotine Pouches Are Poisoning Way More Kids Than Other Nicotine Products

A new study found that nicotine pouch poisonings in kids under 6 jumped 760% between 2020 and 2023, with these sweet-tasting pouches causing 150% more serious medical effects than other nicotine products. CNN HEALTH ARTICLE

Reading Rainbow Was Built to Fight Summer Reading Loss

The classic PBS show that I absolutely loved and probably got me into reading was specifically designed to prevent kids from losing reading skills during summer break. Not sure how much is perception, but I really feel like I miss having a government that cares about lifting everyone. SMITHSONIAN ARTICLE | HN DISCUSSION

Scott Spence Optimizes His ZSH Shell Startup Time

Scott Spence figured out how to cut his shell startup time in half by profiling and optimizing his ZSH configuration. It's funny, I was about to optimize mine because I had like a 3-second delay, which is completely unacceptable. I used Kai to optimize the crap out of it with the assistance of this article, and now I'm probably sub-half second. THE ARTICLE | HN DISCUSSION

Personal Experience Creates Terrible Mental Models About Reality

Max Roser argues that our personal experiences give us wildly inaccurate pictures of the world, which is why we need statistics to actually understand what's happening around us.

I mean, why can't we have both? I feel like personal experience is pretty hard to call wildly inaccurate. In some sense, it's the most real we have. But I definitely get the point about balancing that with statistics. OUR WORLD IN DATA ARTICLE

People Care When You Risk Something Real

Joan Westenberg explains why authentic writing beats algorithmic optimization—you have to care deeply about something urgent and be willing to sacrifice safety for truth.

Absolutely love her writing, but honestly I'm already starting to get a feeling that she's literally following her own formula at this point. And I feel like I could write in exactly this voice if I wanted to. And I bet she would agree with me. She's probably already working to fix it somehow. JOAN'S ESSAY

Brainfork Lets You Build Personal RAG Servers in Seconds

This new tool lets you spin up your own RAG server instantly using the Model Context Protocol, so you can chat with your personal documents without sending them to third parties. BRAINFORK SITE | HN DISCUSSION

Thoughtbot Publishes A Practical Unix Command Guide For Developers

Thoughtbot created a no-nonsense guide covering the essential Unix commands and concepts you actually need to know to work effectively in a terminal. THE GUIDE

Ccusage Analyzes Your Claude Code Usage From Local Files

Ryoppippi built this CLI tool that reads your Claude code interaction logs and shows you exactly how much you're using it and what for. THE TOOL | HN DISCUSSION

HN Users Share Their Go-To Shell One-Liners

Someone on Hacker News asked what shell commands people actually use daily, not just the fancy obscure ones you see in lists online. HN DISCUSSION