Unsupervised Learning NO. 501

Got a shoutout from Bruce Schneier for my SPQA / Context architecture, which I thought was pretty cool! DANIEL MIESSLER ON THE AI ATTACK/DEFENSE BALANCE

—

My new blog on the whole “AI Bubble” debate…

—

I’m surprised—but I guess not surprised—by how many different AI platforms I use on a regular basis. Here’s my current list, roughly in order.

Absolutely loving the Natural Reader Chrome Extension. As always, no sponsorship unless I say otherwise. It lets me listen to web text content with full control over the voice and speed and such. For example, when Anthropic or OpenAI put out new articles on how to use their tech, or opinion pieces on Context Engineering or whatever, I like to listen—sometimes multiple times—to the content via audio to soak it in. THE EXTENSION | NEW CONTEXT ENGINEERING POST BY ANTHROPIC

—

Been reading Pinker’s new book about Common Knowledge. It’s broadly about shared knowledge and collaboration. It’s one of those books where I’ll have to reread sections multiple times. I like those. Advanced thinking in this one. Highly recommended. THE BOOK

—

UK universities got hammered; half of businesses got hit too 91% of UK universities and 43% of businesses reported cyber attacks, with incidents ranging from JLR ransomware to nurseries extorted with kids’ photos.

Starting to see this type of analysis everywhere where it just looks/feels like defense is losing. Assuming the trend is correct, I wonder what the main reason is. Being AI-minded, my brain immediately jumps there, but something tells me there are many other causes happening at the same time. Some ideas:

TOM'S HARDWARE STORY | UK GOVERNMENT SURVEY | JLR RANSOMWARE INCIDENT | BBC NURSERY EXTORTION STORY

Related to the above: where are all the AI attacks? I talked about this before, but I'm curious what people think the metrics are that we should be looking for to indicate that AI is being used in attacks. Some ideas:

What are your expected metrics?

My general thought is that we shouldn't be looking for "AI attacks" because AI attacks mostly don't really exist except for prompt injection. What we should instead be looking for is more sophistication, speed, and scale of existing types of stuff.

Thoughts? OPINE

Cybersecurity workers are burning out faster as attacks become relentless According to BBC News, cyber professionals are working around the clock defending against increasingly aggressive hackers (using AI?), with job satisfaction dropping and many suffering from chronic stress and exhaustion. I think it's not just the constant attacks, but the fact that it's hard to make changes to the company that would make defense easier—because of the Efficient Security Principle. BBC NEWS ARTICLE | ISC2 WORKFORCE STUDY

Discord support breach exposes IDs, IPs, and partial billing info A third-party Zendesk hit let attackers pull support tickets—think real names, emails, IPs, even ID photos for some—plus a ransom demand. BLEEPINGCOMPUTER REPORT | DISCORD STATEMENT | VX-UNDERGROUND POST | ALON GAL COMMENT | SHINYHUNTERS SALESFORCE CLAIM | SHINYHUNTERS LEAK SITE NEWS

Anthropic improves Sonnet’s blue capabilities Anthropic shows Claude Sonnet 4.5 beating their flagship Opus 4.1 at finding and fixing vulnerabilities. The model discovered new bugs in 33% of projects when given multiple attempts. ANTHROPIC RESEARCH | FRONTIER RED TEAM | CYBENCH BENCHMARK | CYBERGYM EVALUATION | DARPA AI CYBER CHALLENGE

Scans targeting Palo Alto Networks devices surge 500% GreyNoise spotted over 1,200 IPs probing GlobalProtect and PAN-OS portals on October 3rd—way above the usual 200 daily scans—with 91% flagged as suspicious. BLEEPINGCOMPUTER ARTICLE | GREYNOISE ANALYSIS | GREYNOISE GRAFANA REPORT

Germany's seeing near-daily attacks on airports, trains, and infrastructure from drones, cyberattacks, and sabotage WTAH. Germany's intelligence services say critical infrastructure gets hit almost daily now, with Russia suspected in most cases but left-wing extremists also blamed for some railway sabotage. DW NEWS STORY

Chicago gets a 15-mile drone no-fly zone during federal immigration raids The FAA just banned all civilian drones across a massive 15-mile radius around Chicago at DHS request, covering way more area than typical security restrictions. The ban runs through October 12th during "Operation Midway Blitz" where hundreds of federal agents are conducting immigration raids that have already led to nearly 1,000 arrests. THE WAR ZONE ARTICLE | FAA TFR DETAILS | WGNT ON ICE PROTESTS | NYT COVERAGE | DRONEXL ANALYSIS

Europe's rushing to build a drone defense system by 2030 after Russia's hybrid attacks Denmark's PM says they've underestimated the Russian threat, and Ukraine's experience might be their best teacher. DW NEWS STORY

Sholto argues my continued position that we’re nowhere near an AI plateau Lots of good stuff here. Especially love his observation that we should expect massive wins and gains because we know for certain that everything we’re doing is haphazard and the result of duct tape and trial and error. This is what I’ve been calling “Slack in the rope” since 23. VIDEO

Anthropic released some great new articles. Of all the main labs, they put out the best content, keeping us up-to-date on their new stuff, and why they’re doing what they’re doing and how they think about things.

Apple kills Vision Pro overhaul to chase Meta's smart glasses Apple's shifting engineers from Vision Pro to AI smart glasses that'll compete with Meta's products. They're building two versions: basic iPhone-paired glasses coming 2027, and display-equipped ones to rival Meta's Ray-Ban Display. BLOOMBERG REPORT | TECHCRUNCH COVERAGE | META RAY-BAN DISPLAY

Daniel Stenberg fixes 22 curl bugs found by AI-powered code analysis Daniel Stenberg reports that Joshua Rogers sent a massive list of curl issues discovered using AI-assisted tools, leading to 22 fixes already with more than double that still to review. DANIEL'S MASTODON POST

a16z finds startups are buying tons of different AI tools, not just ChatGPT a16z's AI Spending Report shows startups aren't consolidating around one or two AI products—they're buying from 50+ different companies. A16Z AI SPENDING REPORT | TECHCRUNCH ARTICLE | A16Z TOP 100 CONSUMER APPS

Anthropic maps how different places use AI completely differently Anthropic released their third Economic Index showing massive geographic differences in AI usage—Hawaii uses Claude for travel planning while Massachusetts focuses on scientific research, and businesses automate 77% of tasks versus consumers' 49%. ANTHROPIC ECONOMIC INDEX | FULL REPORT | INTERACTIVE DATA EXPLORER | OPEN DATASET

Lufthansa is cutting 4,000 admin jobs by 2030 using AI and digitalization The German airline says AI will eliminate duplicate work and make processes more efficient, focusing cuts on administrative rather than operational roles. DW NEWS STORY

Anthropic renames their Claude Code SDK to Claude Agent SDK Anthropic realized their coding SDK works great for non-coding agents too—renaming it to Claude Agent SDK to reflect this broader vision. I'm really happy with this direction, and I wonder when they're going to rename Claude Code to Claude Agent or something like that as well. ANTHROPIC AGENT SDK ARTICLE | BUILDING EFFECTIVE AGENTS | CLAUDE CODE | MODEL CONTEXT PROTOCOL | SDK DOCUMENTATION | MCP SERVERS

How to actually influence company politics as a staff engineer Sean Goedecke explains that influencing tech company politics isn't about grand strategies—it's about being the person who shows up to meetings, writes the docs, and does the unglamorous coordination work that nobody else wants to do. SEAN'S POLITICS GUIDE | HACKER NEWS DISCUSSION

Google will merge ChromeOS into Android by 2026 Google confirmed they're merging ChromeOS and Android, with Android becoming the main OS for both phones and laptops by 2026. THE REGISTER ARTICLE | YOUTUBE VIDEO | CHROMEBOOK SCHOOL SALES | GOOGLE AI STRATEGY

Overthinking your code is killing your productivity Anton Zhiyanov argues that developers waste too much time trying to write perfect code instead of just getting something working first. He says write the simplest thing that works, then iterate—because most "elegant" solutions end up being overengineered anyway. I see it, but I could easily argue the opposite as well. And many do. ANTON'S BLOG POST | HACKER NEWS DISCUSSION

AI is already writing 90% of the code for some developers Armin Ronacher shares how AI now writes over 90% of his infrastructure code—he still owns every line but lets Claude and Codex handle the grunt work while he focuses on architecture and quality. ARMIN'S AI CODE EXPERIENCE | DARIO AMODEI PREDICTION | ARMIN'S PREVIOUS AI POST | TESTCONTAINERS PROJECT

Private equity, including Saudi Wealth Fund, is buying EA for $52 billion EA's getting acquired in what would be the biggest private equity buyout ever. NBC NEWS STORY | HACKER NEWS DISCUSSION

Software engineering isn't a ladder, it's a climbing wall with many routes Mahahdron argues that improving as a software engineer isn't linear—after the basics, paths diverge wildly from compiler optimization to organizational politics, so they propose a taxonomy of skills like debugging, data persistence, and human communication to help developers climb. GETTING BETTER AT PROGRAMMING | MADHADRON HOME

AOL kills dial-up internet after 34 years TOM'S HARDWARE ARTICLE

Fermi hits almost $22 billion valuation on its first trading day Data center startup Fermi America jumped over 50% to nearly $33 per share in its Nasdaq debut, showing investors are still crazy about AI infrastructure plays. THE INFORMATION ARTICLE

Developer shows how to block 26 million curl requests per second using XDP FoxMoss demonstrates building a packet filter that fingerprints and blocks TLS connections at the kernel level. The approach uses XDP (Express Data Path) and eBPF to identify clients by their TLS cipher suites, achieving speeds that can handle 26 million packets per second on consumer hardware. FOXMOSS ARTICLE | GITHUB REPO | JA4 FINGERPRINTING | ANUBIS BOT DETECTION

Gold breaks $4,000 as people look for certainty Gold just cleared $4,000 for the first time. WALL STREET JOURNAL STORY | HACKER NEWS COMMENTS

Computer science grads can't find jobs anymore, even from top schools UC Berkeley Professor Hany Farid says his CS students used to get five internship offers and graduate with multiple job offers, but now they're lucky to get one. It's not just AI causing this—something bigger is happening in tech, and he's telling students to get good at many things instead of going deep on one specialty. BUSINESS INSIDER ARTICLE | PARTICLES OF THOUGHT PODCAST | HANY FARID PROFILE

Social isolation and toxic online culture may be creating violent young men Derek Thompson explores how lonely young men spending excessive time online get radicalized by negativity, extremism, and "salad bar" ideologies that mix random grievances into violent worldviews. DEREK'S ARTICLE | PLAIN ENGLISH PODCAST | VAN BAVEL INTERVIEW | ATLANTIC LONELINESS PIECE | NEED FOR CHAOS STUDY

US private companies cut 32,000 jobs in September amid government shutdown The US private sector lost 32,000 jobs last month according to ADP, way worse than the 45,000 gain economists expected. MORNING BREW ARTICLE | CNBC COVERAGE

MIT researchers model human behavior as scripts rather than complex reasoning MIT researchers developed ROTE, which treats everyday human actions like predictable code snippets—"wait for green light, then go"—instead of assuming complex decision-making, beating existing methods by 50%. ARXIV PAPER

Scientists convert skin cells into eggs ECONOMIST ARTICLE

Germany added 550,000 balcony solar systems by making them stupid easy to install Plug-in solar panels that anyone can buy at a supermarket for $550 are letting apartment renters generate their own power without needing permission or an electrician. GRIST ARTICLE

Chinese scammer caught with £5bn in bitcoin BBC NEWS ARTICLE

FICO will now sell credit scores directly to lenders FICO announced it'll bypass credit bureaus and sell scores straight to mortgage companies for $10 flat or $4.95 plus $33 if the loan closes, cutting costs by 50%. MORNING BREW COVERAGE | CNBC REPORT

Hundreds of climbers rescued from Everest after blizzard traps them at base camps A freak blizzard on Everest's Tibetan side stranded around 1,000 climbers—350 rescued so far, with 200+ still waiting at camps around 16,000 feet. DW NEWS STORY | CHINA COVERAGE | NEPAL FLOODING | EVEREST HEIGHT MEASUREMENT | EVEREST DEATH RATES

California limits HOA fines to $100 per violation CALMATTERS ARTICLE

Talent is just spending time on things you naturally want to do Przemysław Alexander Kamiński argues that talent isn't innate ability—it's simply time spent doing something because you're naturally drawn to it. He plays piano 1-3 hours daily despite no formal training, and people call him talented after just one year. TALENT IS ALIGNMENT | PRZEMYSŁAW'S GITHUB

Credit markets are showing signs of dangerous overheating The Economist reports that credit markets are flashing warning signals as spreads tighten to historic lows and investors take on increasingly risky bets. THE ECONOMIST ARTICLE | HACKER NEWS DISCUSSION

Countering disease Wonderful long podcast on how to protect against the next pandemic, whether it’s AI-caused or not. This guy Andrew is brilliant. THE VIDEO

We're drowning in abundance but act like we're starving Joan Westenberg argues that we've created more food, knowledge, and energy than ever before in human history, but we're psychologically stuck in scarcity mode. We're victims of ourselves, not the system. JOAN'S ABUNDANCE ESSAY

ElastoMaskPro combines reusable respirator design with N95 filter convenience I ordered a ton of these after seeing them on a YouTube video. I’m getting some of the spray stuff too. ELASTOMASKPRO RESPIRATOR

Agentic context beats prompts when building reliable, improving agents. HOW TO PERFORM EFFECTIVE AGENTIC CONTEXT ENGINEERING

Solar is now the EU's biggest electricity source ELECTREK REPORT

Social anxiety isn't about being liked—it's about losing control Chris Lakin argues that social anxiety comes from fearing you'll lose control and do something embarrassing, not from wanting people to like you. CHRIS LAKIN'S ESSAY | HACKER NEWS DISCUSSION

Scholars catalog McCarthy's 20,000-book library SMITHSONIAN ARTICLE

Databricks launches cybersecurity platform DATABRICKS ANNOUNCEMENT

Billionaire productivity hacks won't work for you because context matters Joan Westenberg explains why copying billionaire morning routines is pointless—their advice assumes you have assistants, no commute, and total control over your time. JOAN'S ARTICLE

DIY air purifier gets measured for real performance MEASURING DIY AIR PURIFIER

Three WireGuard topologies for home hosting GARRIDO'S WIREGUARD GUIDE

Originality is bullshit because everything good is just a remix Joan Westenberg argues that chasing originality is creativity's biggest scam—Shakespeare stole plots, Jobs remixed Xerox, and every viral TikTok is just iterations on iterations. JOAN'S ORIGINALITY ESSAY | JOAN'S SUBSTACK

Belief beats discipline for actual change. JOAN'S BELIEF ESSAY

Murati's startup launches Tinker for model finetuning THE INFORMATION ARTICLE

Pre-record your demos to avoid failures. STEVE'S BLOG POST

The more the world changes, the more often you need to ask yourself who you are and what you are trying to achieve.

If you're a parent, then the answer is probably pretty clear: you're trying to make your kids successful. But that really just bumps the question one level down to helping them figure out the answers to those same questions.

Revisit these as often as you need to—say quarterly—if necessary. But at least twice a year.