Unsupervised Learning NO. 498

Whew! Lots of travel this past week, and so many stories captured. Hence the later newsletter…

So glad to be be back with my keyboard and displays! But swimming in a random Croatian piece of heaven, and going to a great conference, was worth being away. I mean it looks like AI, but it was real. Note: I actually used Nano Banana to remove a guy on a boat like 20 meters out! Note 2: If you’re fat enough and the water is salty enough you can float while straight up and down. Good to know.

—

Got one of my patents finalized! So glad it was the one based around TELOS as well. Basically: defining and moving towards goals in a programmatic fashion. Will post the actual thing once I have the paperwork complete.

—

Absolutely loved this conversation with the Zero Signal folks I had in Vegas, and it’s just now available to watch. Some really great questions and conversation in this one.

AGI and Employment: A Double-Edged Sword WATCH NOW

—

Had a wonderful conversation with Grant Lee about Gamma, one of the types of tech I’m most excited about. Presentation! Basically, ideas → interface. ^SPONSORED

—

This is another one from Vegas that just came out. Jason and I went on Ashish and Caleb’s podcast to talk about AI and Security!

Self-replicating npm worm steals cloud tokens at scale
ReversingLabs found a first-of-its-kind npm worm that spreads by compromising packages and siphoning cloud tokens—basically supply-chain malware that replicates itself. Lots of other outfits reported it as well, but RL was the first I saw and I like their depth of coverage. Really feel like these guys don’t get nearly enough credit for the tech they have. Basically the best binary analysis / supply chain stuff I’ve ever seen. REVERSINGLABS BLOG POST

Chrome rushes a fix for a live V8 zero‑day
Ravie Lakshmanan flags Google patching CVE-2025-10585, an in-the-wild V8 type confusion; update Chrome now—Edge, Brave, and friends next. THE HACKER NEWS STORY | GOOGLE STABLE CHANNEL ADVISORY

Microsoft and Cloudflare quietly kneecap a phishing-as-a-service giant
CSO Online says Microsoft and Cloudflare yanked RaccoonO365’s scaffolding—338 domains, Cloudflare Workers, the whole thing. CSO ONLINE STORY | MICROSOFT DCU BLOG | CLOUDFLARE ANALYSIS | RACCOONO365 LAWSUIT DOCS | MICROSOFT UNDER FIRE STORY | WINDOWS FIXES STORY

Pnpm adds a “wait period” to block fresh package landmines
Pnpm quietly shipped minimumReleaseAge to delay installs of just-published packages (that’s when most compromises get caught), plus new “finder functions” for custom dependency hunts. PNPM 10.16 RELEASE NOTES | MINIMUMRELEASEAGE DOCS | MINIMUMRELEASEAGEEXCLUDE DOCS | FINDER FUNCTIONS DOCS | RELATED ISSUE #9921 | RELATED PR #9946

Check Point buys Lakera to own AI security end-to-end
SecurityWeek reports Check Point is buying Lakera to bolt pre-deploy testing and runtime guardrails onto its Infinity stack—basically cradle-to-prod defenses for agentic AI. SECURITYWEEK STORY | LAKERA HOMEPAGE | LAKERA GANDALF BASELINE

CrowdStrike buys Pangea to push AI detection and response
SecurityWeek says CrowdStrike is buying Pangea to bolt AI Guard/Prompt Guard into Falcon and ship “AIDR” as the new EDR for AI. SECURITYWEEK ARTICLE | PANGEA SITE | CHECK POINT BUYS LAKERA | PANGEA AI GUARD ANNOUNCEMENT | CROWDSTRIKE PRESS RELEASE | OLIVER FRIEDRICHS AIDR TALK

Google’s cop data portal briefly fooled by fake account
The Register says Google confirmed a bogus law-enforcement account in LERS; no data pulled, but Scattered Lapsus$ Hunters showed off “access” screenshots. THE REGISTER ARTICLE | BREACHFORUMS GOODBYE POST | BLUESKY “ACCESS” SCREENSHOTS | REGISTER ON CYBERCREW MERGER | FBI NICS REFERENCE | TRUSTWAVE SPIDERLABS COMMENT

Plex discloses a security incident and resets some accounts
Plex says they had a security issue and forced some password resets. Enable 2FA if you haven’t already. PLEX SECURITY INCIDENT | HACKER NEWS DISCUSSION

Apple marries silicon and OS to kill memory bugs by default
Apple Security Engineering and Architecture says Memory Integrity Enforcement fuses hardware and OS checks to block whole classes of memory exploits—always on, with basically no perf hit. APPLE SECURITY BLOG | DARING FIREBALL LINK POST

Palantir is stitching government data into one lens
The Conversation says Palantir is basically fusing agency silos into a single view, which is insanely powerful and scary at the same time. Literally a solution and a problem all at once. It all comes down to how it’ll be used, and by whom, towards what goals. THE CONVERSATION ARTICLE | HACKER NEWS DISCUSSION

Anthropic angers White House by blocking law-enforcement surveillance uses
Semafor says Anthropic refused contractor requests tied to FBI/Secret Service/ICE surveillance, which the company bans, frustrating the Trump White House’s expectation of friendly treatment from “patriotic” AI firms. SEMAFOR STORY | ANTHROPIC USAGE POLICY | OPENAI USAGE POLICIES

Taiwan quietly fortifies its undersea lifelines against grey-zone pressure
OODAloop says Taiwan’s guarding its submarine cables like critical infrastructure now, which is the tell—Beijing’s testing comms chokepoints without crossing the shooting line. OODALOOP STORY

Poland shoots down Russian drones in its airspace
WIRED’s piece says Poland shot down multiple Russian drones over its territory—Prime Minister Donald Tusk confirmed it—basically moving Warsaw from observer to participant. WIRED ARTICLE | NBC NEWS REPORT | WIRED AI DRONES CONTEXT | WIRED UKRAINE COVERAGE

Australia locks in Ghost Shark undersea drones while U.S. stalls
TechCrunch’s piece shows Australia and Anduril getting a AUS$1.7B Ghost Shark fleet into service next year—meanwhile the U.S. can’t get Orca moving. TECHCRUNCH STORY | ANDURIL SITE

Game studios start trusting AI to build actual games
The Information says studios now think generative AI’s finally usable for real game design, not just demos or fluff. THE INFORMATION ARTICLE

Startups get unfair advantages in the AI era
Aaron Levie lays out why tiny teams can now ship enterprise-grade products fast by stacking APIs, models, and distribution hacks most incumbents won’t touch. YOUTUBE VIDEO | HACKER NEWS COMMENTS

Most people didn’t have taste before AI, and that’s the problem
Matthew Sanabria argues most folks never built personal taste, so AI just amplifies blandness unless you’ve done the work of actually caring. ARTICLE BY MATTHEW SANABRIA | HACKER NEWS DISCUSSION

Greynoise MCP server brings real-time intel to agent workflows HELPNETSECURITY ANNOUNCEMENT

AI might finally make “many eyes” real in security
Think Digital Partners captures my friend Saša and I arguing the open-source “many eyes” promise failed with humans, but thousands of lightweight AI agents can actually watch everything, continuously. This was a really fun conversation at a great conference Infobip in Croatia! THINK DIGITAL PARTNERS ARTICLE | DANIEL MIESSLER SITE | INFOBIP SHIFT CONFERENCE | REVERSINGLABS SITE

Frontier labs are hiring “attack sims” to harden AI before it escapes
Thomas Brewster reports that Irregular (formerly Pattern Labs) gets paid by OpenAI and Anthropic to red-team frontier models, even probing GPT-5 for offensive cyber use—and it’s already valued at $450M. FORBES STORY BY THOMAS BREWSTER | IRREGULAR GPT-5 EVALUATION REPORT | ANTHROPIC MISUSE WARNING | FBI AI VOICE PHISHING PSA

OpenAI launches Grove, a crew-based agent platform OPENAI GROVE ANNOUNCEMENT

OpenAI reportedly sets $300B Oracle compute deal TECHCRUNCH STORY

Meta’s new Ray-Ban Display glasses actually land the promise
Victoria Song says Meta’s $799 Ray-Ban Display finally nails heads-up smart glasses—discreet text, solid UX, and “feels real” in a way Glass never did. These are super exciting to me because they are the AR component of what I wrote about in my book The Real Internet of Things. This is the third pillar of that whole schema. THE VERGE HANDS-ON

Nvidia x Intel x86 RTX chips and $5B stock buy TOM'S HARDWARE STORY

China blocks Nvidia AI chips in-country TECHCRUNCH STORY

Configuration as UI is the real fix for YAML pain
Martín Ochoa Gavía nails the take: config files are interfaces, so treat them like UI—with guardrails, schema, tooling—and he points to KSON as the first serious attempt. CONFIGURATION FILES ARE USER INTERFACES | KSON WEBSITE | KSON PLAYGROUND | KSON BETA ANNOUNCEMENT | KSON GITHUB REPO | YAML DOCUMENT FROM HELL

Laser startup raises $10M to burn drones automatically
OODAloop says San Francisco’s Aurelius Systems raised $10M to scale an autonomous laser platform that zaps hostile drones without human help. OODALOOP STORY

Why he’s done buying American software and servicesXD1 argues U.S. consumer protections got so weak he won’t risk American software anymore, citing Louis Rossmann’s cases like Reason disabling legacy activations. XD1 ESSAY | LOUIS ROSSMANN YOUTUBE | REASON STUDIOS ACTIVATION VIDEO | ROSSMANN ANTI-CONSUMER VIDEO 1 | ROSSMANN ANTI-CONSUMER VIDEO 2 | ROSSMANN ANTI-CONSUMER VIDEO 3

He’s done buying American over anti-consumer shifts XD1 ESSAY

Groq raises $750M at a $6.9B valuation TECHCRUNCH STORY

Autonomous home robots are a single‑digit years problem
Dwarkesh Patel grills Sergey Levine on why general robots might hit a self‑improving flywheel soon, with his median for a fully autonomous housekeeper at 2030. FULL SUBSTACK POST | WATCH ON YOUTUBE | APPLE PODCASTS AUDIO | SPOTIFY AUDIO | PI 0.5 PAPER LINK | WHY VLM VIDEO IS HARD

Get out of tech if you’re here for clout
George Hotz basically says if you came for money or status, not love of tech, get out—and his fix is brutal: open-source everything so grifters lose interest. GET OUT OF TECHNOLOGY ESSAY

YouTube is a monopoly we can’t explain
Andrew Anderegg lays out why YouTube feels unbeatable without the usual monopoly reasons—it’s not just infra or content, it’s something deeper and weird. YOUTUBE IS A MYSTERIOUS MONOPOLY | HACKER NEWS DISCUSSION

Rereading turns good books into compounding lenses
Max Girkins makes the simple case that rereading compounds learning, reveals new layers as you change, and sometimes just gives you comfort—and that’s enough. Completely agree with this. For books that I love, I continue to get more out of them each time I re-read them. It's because I'm literally another person each time. REREADING ESSAY BY MAX GIRKINS

Probability doesn’t exist, but it’s still the best tool we have
Andrew Gelman riffs on David Spiegelhalter saying probability isn’t “real,” arguing none of math is “real”—it’s all models we use to reason and improve them. STATMODELING POST | NATURE ESSAY BY DAVID SPIEGELHALTER | GELMAN & HENNIG PAPER PDF

Ants cloning another species for workers LIVESCIENCE ARTICLE

Depression makes it harder to learn active avoidance, not inhibitory avoidance Research shows higher BDI-II scores slow learning to take action to avoid aversive outcomes, especially early on, while withholding action stays intact. ENEURO PAPER

Boring beats hype: small models doing small jobs win
Scott Jenson says the LLM craze cools into something useful: SLMs doing invisible, low-level language tasks that actually work and don’t need to fake intelligence. BORING IS GOOD ESSAY | SCOTT JENSON HOME | HYPE IS A BUSINESS TOOL | THE TIMMY TRAP | MIT REPORT ON AI PILOTS | PAUL DAVID DYNAMO PAPER

More sunlight might be net healthy if you avoid burns
The Economist argues we’ve been over-avoiding sun; moderate exposure likely boosts cardiovascular and immune health enough to offset higher skin-cancer risk—just don’t get burned. ECONOMIST SCIENCE ARTICLE

Companies are getting caught trying to hide jobs from Americans
Rudy Takala shows how firms used gimmicks—mail-only applications, weird inboxes, even legal threats—to dodge U.S. applicants and smooth PERM approvals. One way to see this is that those companies want to abuse foreign workers with lower wages and long hours. But another way to view it is that American’s don’t work as hard or as well as lower-paid foreign workers. I’m sure both are true in various degrees. THE HILL ARTICLE | DOJ META SETTLEMENT | DOJ APPLE SETTLEMENT | APPLE SETTLEMENT PDF | DOL PERM OVERVIEW

Nitazenes are quietly outpacing fentanyl in lethality
The Economist says nitazenes are slipping into drug markets, with some variants hitting way harder than fentanyl and dodging existing controls. ECONOMIST SCIENCE ARTICLE

Phone bans are reviving iPods and cassette players at school
Callie Holtermann shows that phone bans didn’t kill screens—they pushed kids to resurrect iPods, MP3 sticks, and even cassette players as the “legal” workaround. NEW YORK TIMES STORY

Kids are reading less, and they’re feeling it
National Literacy Trust says kids are reading less for fun, and it’s hitting confidence and school performance harder than people think. I’m in the Bay Area and I don’t know many adults that read non-fiction books for fun. My anecdata and other actual data show reading in general declining. I even think the polls are off by a lot. How many want to respond to a poll AND say they’ve haven’t read a book since high-school or college? NATIONAL LITERACY TRUST REPORT | HACKER NEWS DISCUSSION

Finland tops 2025 happiness again, but the gap is shrinking
Laura Begley Bloom covers the 2025 World Happiness Report and, yep, Finland leads again—but other countries are catching up fast. FORBES ARTICLE | HACKER NEWS COMMENTS

Scientists record whole-brain decisions in mice for the first time
Wired says teams captured 500,000+ neurons firing across 95% of mouse brains during decisions. WIRED ARTICLE

Nasa may have found fossil hints in a Martian rock
The Economist says NASA spotted life-like signatures in a Mars rock, but actually proving it means the messy, political fight of getting samples back to Earth. THE ECONOMIST SCIENCE PIECE

Omega-3s might lower myopia risk BJO PAPER

Nicotine boosts attention and memory while wiring in addiction
The Economist breaks down how nicotine sharpens focus and memory in the short term while training your brain to crave the hit. ECONOMIST SCIENCE ARTICLE

A Flipper Zero Geiger counter module that actually works KASIIN BLOG POST

AI cults are forming around fake certainty WISE WOLF MEDIA NEWSLETTER

We still need humans, but the job just moved up a layer
Michael Dempfle says the work doesn’t disappear with AI—it shifts to defining taste, constraints, and judgment while machines do the brute force. TOWARDS DATA SCIENCE ARTICLE

See how unique your browser fingerprint is BROWSER FINGERPRINT DETECTOR

SSH replaces a bunch of “home server” apps ALL YOU NEED IS SSH

A tiny script that gives you a believable escape call
the2ndfloorguy shows a dead-simple Twilio trick: tap “ESCAPE,” your server schedules a call, your phone rings with a fake relative, and you bail guilt-free. So good. SHOW HN POST | THE2NDFLOORGUY X POST

Really loving this book mentioned in UL Chat. So far, it captures well the way I think about this whole thing. It's like I don't know if anything I'm going to do is going to make a difference. But I know that there's a possibility. So why not try?