UPDATES

Hey! Hope you all are doing well!

Found a really cool California Wastewater dataset that tracks COVID and Flu numbers. I’ve integrated it into Kai as well so now I can just ask and he’ll go get the latest data. THE DATA AND DASHBOARD

Kai’s Result of the /check-california-wastewater-status command

About to release a major update to our Personal AI Infrastructure project. Completely redid the filesystem-based context management system. THE REPO

Had a great conversation with Quincy Castro at Chainguard. We discussed what kind of security challenges we face when building software we want to build, working with secure software for secure stacks, the role of AI in the future of security and tons more! SPONSORED

A new blog on magnifying your effective lifespan through attention. READ IT

New short blog on UBI and games. READ IT

I’ve been going heavy on David Deutsch lately, and found some wonderful conversations between him and Naval Ravikant. Some of the best intellectual conversations I’ve heard in a long while! THE NAVAL DEUTSCH FILES

Sponsor

AI Agents That Triage Vulnerabilities Like Experts

Anyone else waste countless hours chasing vulnerabilities that will never be exploited?

Maze takes a better approach. In a recent review of CVE-2025-27363, Maze’s AI Agents investigated the finding the way a human expert would, testing real exploit scenarios against the actual environment and controls.

Non-exploitable risks are a low priority. Exploitable vulns were flagged, and investigated further to decide their impact and likelihood. The result: fewer false positives, faster remediation, and a stronger security posture, all without the guesswork.

Built by engineers from Meta, Elastic, Amazon, and GitHub, Maze helps security teams finally get ahead of the vulnerability backlog.

CYBERSECURITY

UK saw double the nationally significant cyberattacks this year. The NCSC handled 204 nationally significant incidents in 2024—double the previous year—with 18 hitting essential services and threatening economic growth. UK NCSC ANNUAL REVIEW | THE RECORD ARTICLE

Attackers often don’t have to break in; they’re logging in with AI-boosted identities. CrowdStrike’s latest data says 79% of detections are malware-free—attackers just use valid creds—while vishing is up 442% and AI-led identity baselining is cutting lateral movement into seconds. VENTUREBEAT STORY | CROWDSTRIKE THREAT HUNTING 2025 | CROWDSTRIKE GLOBAL THREAT REPORT | CUSHMAN CASE STUDY | CYBERARK MACHINE IDENTITIES

Windows 10 reaches end of support, while still on 40% of devices SECURITYWEEK ARTICLE 🤮

Sponsor

Datadog Detect: Engineering Security That Scales

Discover how leading security experts are addressing modern threats and making security operations more effective.

Datadog Detect, a virtual mini-conference, brings together practitioners and industry leaders from Red Canary and Corelight to share how engineering principles cut false positives, improve detection fidelity, and accelerate response.

Google launches dedicated AI bug bounty paying up to 30k for flaws. Google's new AI Vulnerability Reward Program covers Gemini, Search, and Workspace with bonuses for novel reports. BLEEPINGCOMPUTER ARTICLE | GOOGLE REPORT QUALITY FRAMEWORK | GOOGLE AI REWARD CRITERIA

Apple doubles bug bounty max to $2 million for zero-click exploits. Apple's revamped program can pay up to $5 million with bonuses, trying to outbid spyware vendors for critical iOS vulnerabilities. BLEEPINGCOMPUTER ARTICLE | APPLE SECURITY BLOG | SECURITY RESEARCH DEVICE PROGRAM

Chinese hackers weaponized ArcGIS mapping software for year-long stealth access. Flax Typhoon turned a legitimate ArcGIS extension into a web shell, then installed a VPN bridge to blend with normal traffic and stay hidden for over a year. BLEEPINGCOMPUTER ARTICLE | RELIAQUEST ANALYSIS

A 13-year-old bug in Redis got a 10.0 severity score. The RediShell vulnerability lets attackers escape Lua's sandbox and own the entire host. Over 60,000 instances have zero authentication. CYBER SECURITY NEWS ARTICLE | WIZ RESEARCH BLOG | REDIS SECURITY ADVISORY

Dropzone study shows AI lets SOC analysts investigate faster with better accuracy. A Dropzone benchmark with 148 security pros found AI-assisted analysts completed investigations faster and with more detail, while manual analysts slowed down and lost accuracy under pressure. HELPNETSECURITY ARTICLE | HILLARY BARON LINKEDIN

NOTE: This is super cool research from Dropzone, which I would have included anyway and they are not sponsoring this newsletter. But I am an advisor for the company, so I just like to be transparent about that kind of thing. Nothing is worse to me than not knowing why someone is saying something.

NATIONAL SECURITY

Taiwan's government networks face 2.8 million Chinese intrusion attempts daily. Taiwan's National Security Bureau reports a 17 percent jump in cyberattacks from China, combined with 10,000 fake social accounts spreading 1.5 million pieces of disinformation. THE RECORD ARTICLE | REUTERS REPORT | PROOFPOINT TA415 RESEARCH

China built a barter system to pay Iran for oil that completely bypasses U.S. sanctions and dollar transactions OODALOOP ARTICLE

Zelenskyy says Russia's shadow fleet tankers are doing spy work and sabotage. Ukrainian intelligence warns allies that Russia's shadow oil tankers are gathering intel and running sabotage ops across Europe. DW UKRAINE UPDATES

NATO works on drone wall defense against Russian incursions NATO DEFENSE MEETING

Trump cancels Xi meeting and threatens massive tariffs over China's rare earth monopoly. According to Tom's Hardware, Trump's ditching next week's summit and warning of serious retaliation after China expanded export controls on minerals critical for chips. TOM'S HARDWARE ARTICLE | TRUMP'S TRUTH SOCIAL POST

German spy chiefs warn Russia could escalate to direct NATO confrontation. Germany's intelligence leaders say Russia won't shy away from military confrontation with NATO to achieve broader European influence, while Hamas maintains active infrastructure in Germany. GERMANY INTELLIGENCE BRIEFING

BYD turns the UK into its first big overseas beachhead. According to the BBC, BYD’s UK sales jumped 880% in September—driven by its cheap plug-in hybrids, no UK tariffs on Chinese EVs, and 100 local retail locations. Yes, it’s in the National Security section. BBC STORY | SMMT EV RECORD CONTEXT

AI

OpenAI will let ChatGPT do erotica for verified adults TECHCRUNCH ARTICLE

Realm Security raises $15M for AI that filters security data so SOCs only see what matters. Their platform uses AI to process security info in real-time and cuts out the noise automatically. SECURITYWEEK ARTICLE | REALM.SECURITY SITE

Suspect in LA's Palisades fire caught partly through dystopian burning city images he made on ChatGPT. Jonathan Rinderknecht generated AI images of burning cities months before allegedly starting the fire that killed 12 and caused $150 billion in damage. BBC NEWS STORY

Building AI agents is 5% AI and 100% software engineering. MARKTECHPOST ARTICLE

TECHNOLOGY

Bank of England says AI stock valuations now match dotcom bubble peak levels. The BoE's Financial Policy Committee warned this is their strongest caution yet about AI-driven market risks, saying a sharp correction could seriously impact Britain's financial system. BANK OF ENGLAND OCTOBER REPORT | ARS TECHNICA STORY | REUTERS COVERAGE

AI economics look brutal but token usage is absolutely exploding. The Wall Street Journal notes that while AI profitability is unclear, token demand is soaring fast, which might be the key signal to watch. It's an interesting perspective: if the demand is there, that's product-market fit, right? WSJ ARTICLE

Traffic lights might add a white light for when autonomous cars control intersections. NC State researchers propose a fourth light color that signals when self-driving cars are coordinating traffic flow, so human drivers just follow along. NC STATE WHITE LIGHT PROPOSAL

China's cybersecurity regulator tells firms to avoid Nvidia's newest chips WSJ ARTICLE

AI is flattening org charts while expanding executive spans of control. Companies are cutting middle management layers and making teams leaner, but executives at the top now oversee way more people than before. WSJ ARTICLE

India's small towns are becoming the data labeling factories for global AI. Rural Indian workers are training ChatGPT and facial recognition by transcribing audio and labeling images, and firms say it'll grow to 100 million AI jobs. But for how long? BBC ARTICLE

Examples beat traditional docs because people learn by copying working code. Rakhim argues most devs just want to copy-paste something that works and modify it, not read theory first. RAKHIM'S ARTICLE | HN DISCUSSION

Tech companies use apps to create cartels that would be illegal offline. Cory Doctorow argues apps let companies coordinate price-fixing and labor suppression in ways that'd get you arrested if done with phone calls. DOCTOROW'S ARTICLE | CORY DOCTOROW | HN DISCUSSION

HUMANS

Hamas releases the last 20 living Israeli hostages after two years. Trump declared the Gaza war over in Israel's parliament while Hamas freed hostages and Israel released nearly 2,000 Palestinian prisoners in a ceasefire deal. NPR STORY

AI will widen the gap between superstars and everybody else. Interesting piece by WSJ about how some companies worry workplace tensions will spike because top performers extract way more value from AI tools than average workers do. WSJ ARTICLE

Pharma companies are racing to create pill versions of Ozempic. Big pharma's scrambling to turn GLP-1 injections into pills because people hate needles and the oral market could be worth tens of billions annually. WSJ ARTICLE

150 unvaccinated kids quarantined 21 days in SC measles outbreak. MEASLES OUTBREAK ARTICLE

New nanoparticles restore brain barriers and clear Alzheimer's plaques in mice. A team from IBEC and WCHSU created bioactive nanoparticles that fix the blood-brain barrier itself, which then naturally clears amyloid-β—reversing cognitive symptoms in older mice. NATURE STUDY | DRUG TARGET REVIEW ARTICLE | IBEC HOMEPAGE | WCHSU HOMEPAGE

America's worst students just hit their lowest test scores in 50 years THE ATLANTIC ARTICLE

Senate staff predict AI could replace half of many workforces. A Senate HELP Committee staff report says nearly 100 million U.S. jobs could be automated in a decade—driven by AI hitting service roles first and then moving into other areas. 100 million seems high to me, but not that high. The bigger point is that even a moderate fraction of that will have a massive impact on the economy. THE HILL STORY | SENATE REPORT PDF | SANDERS OP-ED

Forty percent of fatal-crash drivers had active THC, legalization didn’t matter. According to the American College of Surgeons, 41.9% of deceased drivers in an Ohio county had active THC—averaging 30.7 ng/mL—and that rate didn’t budge after legalization. SCIENCE DAILY REPORT

Like putting on glasses for the first time—how AI improves earthquake detection ARS TECHNICA ARTICLE

Men and women who are equally gifted create different but equally satisfying lives. In a study by David Lubinski and colleagues, men prioritized career advancement and creating impact, while women valued flexibility and community—leading to different paths but identical happiness levels. STEVE STEWART-WILLIAMS ARTICLE | STEVE'S TWITTER | LUBINSKI ET AL PAPER

DISCOVERY

Notes on switching to Helix from vim JULIA'S HELIX NOTES

Vite+ combines dev, build, test, lint, format, and caching in one dependency. VITE+ WEBSITE

A live-updating feed for Hacker News stories and votes. HN LIVE FEED TOOL

Uv overtakes pip in CI for a company at 66% usage. Wagtail's seeing uv hit 66% of CI downloads vs pip's 34%, which means they're considering switching their default install docs from pip to uv. Such a positive thing to hear. I am off of Python now, but honestly, UV solves 80% of its problems. WAGTAIL BLOG POST | WAGTAIL README | WAGTAIL PROJECT TEMPLATE | DOWNLOADS ANALYSIS DATA | PYPI DOWNLOAD STATS GUIDE

I've tested free vs. paid AI coding tools - here's which one I'd actually use ZDNET ARTICLE

RECOMMENDATION OF THE WEEK

Look into David Deutsch’s conversations with Naval. Some of the best thinking—on certain topics anyway—that I think can really level people up. And consider subscribing to Naval’s podcast. He does crisp little concept ideas like I've been doing and just did myself on the podcast and blog. I think the format and content is quite good for people today. THE NAVAL DEUTSCH FILES | NAVAL’S PODCAST

APHORISM OF THE WEEK

The secret of happiness is to face the fact that the world is horrible, horrible, horrible.

Bertrand Russell

GET THE MEMBER EDITION

You’re currently receiving the STANDARD edition.

Members get numerous benefits, including:

  • 25-50% off all UL Paid Content, including the upcoming Human 3.0 / AUGMENTED ONLINE portal!

  • Access to the extraordinary UL Member Community that includes vibrant conversations with ~1,500 of the smartest and kindest people you’ll find on the internet

  • Member-only Content, such as EDC guides on tech stacks, personal productivity routines, my recommendations on Critical skills to Build Going Forward, Trend Identification and Analysis, and more…

  • Access to the Member Archive of previous Member-only content, the Book Club archive, etc.

  • Access to The UL Book Club that’s been going monthly since 2017! One of the highlights of my and many attendees’ month!

  • Access to the Monthly Member Meet-up where we talk about our routines, productivity workflows, what’s on our minds, etc.

  • Access to In-Person Events like our dinners in Vegas, San Francisco, etc.

  • And much more coming…

This is the moment to connect with others who are smart, kind, and asking the same questions we are. Where is this all going? And how to prepare?

Join the conversation.
