UL NO. 452: The New Hotness: NotebookLM

SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.

Book club this weekend was spectacular! We had a bunch of new faces and the discussion was really good. We picked the next book, which is a Classic—as per the rotation—and we selected The Republic, by Plato. With the politics / election theme and all. JOIN THE NEXT BOOK CLUB
Currently reading The Fabric of Reality and The Beginning of Infinity by David Deutch. Brilliant. Although a bit annoyed that it took me this long to find these books.
About to go heads-down on content (video) creation. 💺Expect lots of new videos in the next few weeks!

Join Dropzone AI For its Debut of the Monthly Product Showcase Webinar

SECURITY

CISA is warning that brute-force attacks using default credentials against ICS/SCADA systems are on the rise. These attacks are particularly targeting the Water and Wastewater Systems (WWS) sector, posing a real threat to water treatment and distribution processes. MORE

Related to that, Fortinet’s recent survey of over 550 OT professionals worldwide reveals a sharp increase in OT attacks, with 73% of businesses experiencing them this year compared to 49% in 2023. MORE

💡One narrative around this is that it’s China preparing for a potential kinetic conflict with the US.

So basically, right before (or during) the kinetic attack on Taiwan, they would hit the US with all sorts of infra attacks, messing with power, internet, and other critical services.

I don’t know how true that is, or what the scale is, but it seems both logical and obvious that they would want this kind of capability.

Get the No B.S. Guide to building a strong cybersecurity program in 90 days! (No email required)

China has reportedly achieved a significant AI milestone by developing a generative AI model that operates across multiple data centers and GPU architectures. This breakthrough is particularly impressive given the challenges of integrating different GPUs, especially amid U.S. sanctions that limit access to high-performance chips.

💡We have to remember that in most things Security/AI we’re not playing PvP against China. It’s PvE. There are certain things that are X amount of difficult for China to do with AI that we really don’t want them to be able to do.

Continuously crawling all our attack surface and identify vulnerabilities
Write exploits for whatever they find
Actually exploit them, and extract data / secrets
Control their population
Launch disinformation / malicious propaganda at us
Create products that do this for their allies
All completely automated, using billions of AI agents

The only way this is a PvP conflict with the US is that we need to be improving our defensive AI to be able to counter these capabilities. But the point about PvE is that us having better AI doesn’t stop them from being able to launch the attacks.

Another way to think this is that we will eventually lose the Prevent part of Prevent, Detect, and Respond lifecycle. We’ll still be able to Detect and Respond if we have AI that’s as good or better. But right now the US is trying to keep that Prevent piece going as long as possible.

It won’t hold forever. As we see with the article above. So like Leopold talked about in his essay, we need to get to AGI and ASI first, and ideally with as much of a headstart as possible.

Worldcoin is addressing the issue of bots and deepfakes with a decentralized identity system that confirms if someone is human without storing personal data. Developed by Tools for Humanity, the system uses a double iris scan to create a World ID, which is stored on the Worldchain blockchain, an Ethereum Layer 2 solution. MORE

💡So we’re starting to see some practical uses for Worldcoin, which has been largely in the shadows. Interesting use-case for blockchain. Maybe.

I mean, we know validation of humans and being able to tell us apart from bots is going to be essential, so I guess this is pretty cool. But I’m still in the skeptical camp because I don’t feel like we’re getting full transparency on the scope of the goal(s) for the Worldcoin project.

A Chinese attacker group, tracked by Microsoft as Salt Typhoon (also known as FamousSparrow and GhostEmperor), is targeting Cisco Systems routers to establish a persistent presence in networks. MORE

The U.S. has charged three Iranian nationals, allegedly linked to the IRGC, for hacking into accounts of U.S. officials and political campaigns. They say the campaigns are part of Iran’s broader efforts to sow discord and avenge the death of Qasem Soleimani. MORE

T-Mobile is getting hit with a $15.75 million fine from the FCC after a long series of data breaches. The company is investing that same amount into cybersecurity as part of the settlement/fine. MORE

🫶🏼Some big love to Matt Johansen for launching his new news service on Vulnerable U! The link above points to him!

My prediction is that he’s going to become the go-to source for new stories and coverage of cybersecurity, and I’m going to be linking to him more and more as that happens instead of the standard sources. The new posts also have audio as well!

Matt is a true cybersecurity expert, AND he can write! A rare combination, and I can’t wait to see it develop in the coming days and weeks! VULNERABLE U

The US Commerce Department is proposing a ban on some Chinese and Russian automotive hardware and software, basically saying it’s a way for adversaries to get footholds into US systems and infrastructure. Hard agree. MORE

Ukraine reportedly found Starlink terminals in a downed Russian Shahed drone, marking a potential upgrade to these kamikaze drones used against Ukrainian cities. MORE

LLM-based Hacking Assistance — Large Language Models (LLMs) are helping attackers and defenders automate tasks like vulnerability detection and fuzzing, traditionally requiring significant human expertise. Tools like OSS-Fuzz-Gen and PromptFuzz are leveraging LLMs to enhance fuzz testing, with PromptFuzz even generating harnesses for API sequences to detect complex vulnerabilities. Google Project Zero’s Project Naptime is going further by using LLMs to automate vulnerability discovery and exploitation. MORE

Telegram is now going to start handing over phone numbers and IP addresses of criminal suspects when they receive legal requests. This is the fallout from the CEO getting arrested, and lots of people are now leaving the platform. MORE

Security researchers found a way to remotely control millions of Kia vehicles using just a license plate number, thanks to vulnerabilities in the Kia dealer portal. By exploiting these flaws, they could create a fake dealer account, access customer data, and even demote the rightful vehicle owner to take control. MORE

AI / TECH

The biggest AI hype in the last week has been around NotebookLM, which is a Google AI project. It’s basically an interface for interacting with content that you provide. So think like Live RAG, but where you can do all sorts of operations on the content, like creating PDFs, etc.

Here I uploaded my Alma.md file describing a Security Program for Alma Security, which is part of a framework called TELOS that I’m releasing soon. Basically, it’s the soul of a whole Cybersecurity Program for a company, including mission, goals, team, budget, risk register, tech stack, etc.

And what NotebookLM lets you do is interact with that file (program) in lots of different ways. Here’s a screenshot of what it does out of the box.

Pretty compelling project, and I definitely recommend you hack around on it for at least a few minutes. Take something you know well and upload it and tinker.

Interacting with a Security Program using NotebookLM

Newsom vetoed the California AI bill, saying it was too restrictive. I think he made the right call. The bill was largely correct, but just applied to too many things that weren’t dangerous. Hoping to see a better-written version soon. MORE

California has made it illegal to use AI to impersonate actors without their consent, extending protections to all Californians and not just those in Hollywood. MORE

YouTuber Jeff Geerling discovered that his voice was AI-cloned by a company called Elecrow, which used it to narrate videos without his consent. After being tipped off by a subscriber, Geerling confronted Elecrow, who apologized and blamed the incident on a staff member’s attempt to boost video popularity. MORE

Convergence AI, co-founded by Marvin Purtorab and Andy Toulis, has raised $12 million to develop “Proxy” agents with long-term memory, aiming to create a general class of agents that can adapt to various tasks. MORE

Meta just launched Llama 3.2, their latest large language model that can now handle both images and text, competing with OpenAI and Anthropic who both have multi-modal models. The new models, available in various sizes, can understand charts, graphs, and even respond in celebrity voices like Dame Judi Dench and John Cena across platforms like WhatsApp and Messenger. MORE

If you haven’t tried ChatGPT Advanced Mode yet, you should get on that. Try talking to it about anything, asking it questions, and my current favorite—having it teach you things. I recently had it teach me Chinese history in the style of Dan Carlin from Hardcore History, and it was REALLY good. MORE

Hugging Face just hit a major milestone by surpassing 1 million AI model listings, highlighting the explosive growth in machine learning. The platform, which started as a chatbot app in 2016, has evolved into a hub for a diverse range of AI models, from Llama to Stable Diffusion, and emphasizes the importance of fine-tuning models for specific tasks. CEO Clément Delangue points out that the platform’s success is driven by the customization of models for unique use-cases, with a new repository being created every 10 seconds. MORE

Anthropic is in early talks with investors about a new funding round that could value the company at $30 to $40 billion. They’re reportedly on track to hit $1 billion in annualized revenue by the end of this year, which means they’re pulling in about $83 million a month. MORE | MORE

Google has rolled out two new production-ready Gemini models, which come with reduced pricing for the 1.5 Pro version and increased rate limits. MORE

💡It’s crazy how it’s just a constant stream of model updates now from the main players.

It’s either much smarter models, or models that are able to do new things, or models that are like 2x, 5x, or 100x cheaper. Or all of the above.

And the competition is keeping this speed of updates very high.

Ilya Sutskever’s AI reading list, originally compiled for John Carmack, has gone viral for its claim that mastering it covers 90% of what matters in AI. The list includes 27 items, from papers to courses, covering topics like Convolutional Neural Networks, Recurrent Neural Networks, Transformers, and Information Theory. MORE

This article suggests that Agile’s original principles have been lost in translation, leading to a rigid, bureaucratic process that stifles innovation. MORE

The article explores how AI is disrupting the traditional ad-supported internet model, which has long made content feel free by monetizing our attention. As AI tools like ChatGPT and Perplexity provide direct answers and perform tasks, they bypass traditional ad channels, threatening the funding of commoditized content. This shift could lead to a more transactional internet, with premium content thriving and new monetization models emerging, such as charging AI companies for content access and developing new forms of advertising. MORE

It soon won’t be us going to do things directly.

It’ll be our AIs going to do things on our behalf, and that’s going to have a profound impact on the whole internet. And business. Basically everything. But especially things like search engines that are designed to be used by people.

Human → Your Personal DA → APIs

SpaceX’s Starlink is about to hit 4 million subscribers, marking a rapid growth from 3 million in May and 1 million in December 2022. The service, which now operates nearly 6,000 satellites and is available in almost 100 countries, is projected to generate $6.6 billion in revenue this year. MORE

💡This is why I base so much of my investment and prediction on leaders and ideas. Leaders like Elon, and Jobs, and Jensen, and Zuckerberg are basically beasts of both vision and execution.

Doesn’t mean they’ll win. But be weary of betting against them.

Smart TVs from Samsung and LG are taking snapshots of what you’re watching multiple times per second, even when used as external displays for laptops or consoles. MORE

rPlus Energies has started a $1 billion solar and battery storage project in Utah, known as the Green River Energy Center. It’ll be 400 MW of solar power and a 400 MW/1,600 MWh battery storage system, with solar panels from EliTe Solar and battery storage from Tesla. Cool, let’s do 100 more. MORE

“The White Collar Apocalypse Is Nigh” talks about the decline of the status economy and the impact of AI on job markets, juxtaposing views from Sam Altman and Isabella Glassman. It highlights the pressure on students to secure prestigious careers, despite diminishing opportunities in tech and finance, and questions how AI will change this calculus. MORE

Meta’s Orion AR glasses are a big upgrade in AR wearables, but I don’t think Zuckerberg is right about glass replacing phones by 2030. Multiple reasons. MORE

There’s a Hacker News thread where people are sharing their experiences about whether having a personal website helped them get hired. The discussion includes various perspectives, with some users saying it was a significant factor in landing jobs, while others found it less useful. I personally think it’s a must. And more than ever. MORE

HUMANS

California’s new Phone-Free School Act, signed by Governor Gavin Newsom, mandates that all schools in the state limit cellphone use by July 1, 2026, with exceptions for emergencies and specific permissions. Such a wonderful piece of human progress, and congrats to Jonathan Haidt for helping make this happen with his latest book. MORE

Researchers, including Wang, S. et al., have developed a method that uses stem cells to regenerate insulin-producing cells, effectively restoring the body’s ability to regulate blood sugar levels. MORE

ExxonMobil is facing a lawsuit from California for allegedly misleading the public about the recyclability of plastics, claiming the company has perpetuated a “myth” that recycling could solve the plastic waste crisis. MORE

California’s new law, Assembly Bill 2863, is set to make subscription cancellations as easy as signing up, requiring companies to offer one-click cancellation options if they provide one-click sign-ups. MORE

Over 10,000 books were banned in US public schools from 2023 to 2024, a significant jump from the previous year, as states like Florida and Iowa passed new censorship laws. MORE

Steve Jobs had this thing called the 10-Minute Rule, where he’d give himself just 10 minutes to tackle a problem or task. The idea is that by setting a short time limit, you reduce procrastination and increase focus. MORE

Maria Popova explores the profound curiosity and love of Henry David Thoreau as he encounters a screech-owl in the wild. MORE

IDEAS

Everything Is Going Behind a Paywall
One thing I’ve been thinking a lot about recently is the death of the open internet. I think so much is about to be paid and/or behind authentication. This is for multiple reasons. One is because content creators need to make money, and other people are making money on their stuff when it’s getting crawled. Another is making sure it’s real people reading the content. It’s quite interesting to think about what this looks like when most of the internet is like this. It’ll be somewhat expensive to even consume what’s out there—especially for the best content. And if you want to hit it for free, you’ll still have to auth, but you’ll have to provide something. Like your browsing and preference data, for example. It’s going to be interesting, and in many cases pretty gross.

Dynamic Content (and Education)
So this dynamic podcast generation thing has me thinking again about my Dynamic Content Summaries post I did a while back.

The idea was that rather than taking content directly from sources in the future, our AIs will be consuming the content for us and then recreating a version for us based on how much time we have, the presenter we like the most, and the format we like the most.

Well I just got mind-slammed by a follow-on idea!

This is likely to be the future of education.

Think about it. The content is not the hard part. The knowledge is out there. It’s about having the right delivery, in the right format, from the right presenter, at the right time, in the perfect duration.

And that’s what Dynamic Content Generation will do. And not only will it customize for the preferences of the receiver, but also their strengths and limitations! So, learning disabilities, language strengths, etc.

Holy crap. I really think that anyone who’s working on disrupting education needs to head in this direction very soon, or risk getting disrupted themselves.

DISCOVERY

Ax Framework — This extension of Axios is a must-see for bug hunters and penetration testers, letting you efficiently manage cloud environments. It supports multiple cloud providers like Digital Ocean, IBM Cloud, and AWS, allowing you to deploy fleets of instances for large-scale scanning operations. MORE

The Russian APT Tool Matrix — BushidoToken has released a new tool matrix focusing on Russian APT groups, detailing the tools used by GRU, SVR, and FSB-affiliated threat actors. The matrix highlights the reuse of tools like Mimikatz, Impacket, PsExec, Metasploit, and ReGeorg, with ReGeorg being particularly notable for its limited use by ransomware gangs. MORE

MerkleMap — A subdomain search engine that helps you discover subdomains for a given domain, which can be useful for security research and penetration testing. It’s a handy tool for anyone looking to map out the attack surface of a target domain. MORE

Gungnir is a command-line tool written by my buddy Gunnar in Go that continuously monitors certificate transparency (CT) logs for newly issued SSL/TLS certificates. MORE

Microservices are Technical Debt — This video argues that microservices, while popular for scaling, often introduce significant technical debt. MORE

Be Someone Who Does Things MORE

It’s Lists All the Way Down MORE

The US government is now publishing tide sensor data to show sea-level rise. Love this kind of transparency because it’ll let regular people (and researchers) do their own collection and analysis. MORE

Comedy is Search — This post dives into the mechanics of comedy, proposing that humor is all about finding unexpected connections between unrelated patterns. Which is precisely why I think AI is about to get really good at it. MORE

Critical Mass and Tipping Points — This article dives into the concept of critical mass, explaining how small changes can lead to significant shifts once a tipping point is reached. It explores examples from various fields, including physics, social dynamics, and technology. MORE

Semantic Chunking for RAG — There’s a new approach to semantic chunking in Retrieval-Augmented Generation (RAG) that uses the “shape of stories” to improve chunking accuracy. The method involves identifying jumps in latent space to determine context changes, which helps in creating cleaner topic divisions compared to existing frameworks like LlamaIndex. An API is being released for users to test this chunking strategy, and a comparison with LlamaIndex shows more precise topic separation. MORE

Flipper Zero Firmware — This open-source firmware unlocks more of the potential of your Flipper device, and it’s written in C, with some C++ and armv7m assembly. MORE

MTA Open Data Challenge — The MTA is inviting developers and data enthusiasts to participate in their Open Data Challenge, which aims to leverage public transit data to create innovative solutions for New York City’s transit system. MORE

Paul Graham addresses the question of whether to “follow your passion” in his essay, arguing that the answer isn’t a simple yes or no. MORE

Compress JPG — This tool lets you compress images securely, ensuring your JPGs are optimized without compromising privacy. It’s designed to handle your images with care, making it a go-to for anyone needing efficient compression. MORE

Move Fast and Abandon Things — This blog post takes a nostalgic dive into the author’s past, exploring old shareware games they developed over 35 years ago. MORE

BBC Sound Effects Library — The BBC has a massive archive of over 30,000 sound effects that you can search, mix, and use for personal or educational projects. MORE

What I’ve Learned in the Past Year Spent Building an AI Video Editor — The author shares insights from a year of developing an AI video editor, emphasizing the importance of consistency and iteration in the creative process. MORE

Dangerzone — Dangerzone has teamed up with Google’s gVisor to enhance its security, allowing journalists to open suspicious documents safely. By integrating gVisor, Dangerzone now uses a container security solution that significantly reduces the attack surface by preventing direct access to the Linux kernel. MORE

MX Creative Console — Logitech has launched the MX Creative Console, a tool designed to streamline workflows for digital creators by automating repetitive tasks and offering AI capabilities. It integrates deeply with Adobe applications like Photoshop and Premiere Pro, enhancing features such as Generative Fill and Text-Based Editing. MORE

Advanced Structured Output Tutorial — Jason Zhou dives into the intricacies of OpenAI’s Structured Output, showcasing its application in web scraping, data extraction, and enhancing agentic workflows. MORE

Logitech’s MX Creative Console is a game-changer for photo and video editors, offering a streamlined editing experience that outshines traditional keyboard shortcuts. This $200 two-part system, born from Logitech’s acquisition of Loupedeck, is tailored for Adobe Creative Cloud users, providing seamless integration with apps like Photoshop and Premiere Pro. While its current plugin support is limited, the console’s customizable buttons and eco-friendly design make it a compelling choice for those looking to enhance their creative workflow. MORE

Dieter Rams-inspired iPhone Dock — A designer has created an iPhone dock inspired by the minimalist aesthetic of Dieter Rams. The dock combines functionality with a sleek design, aiming to blend seamlessly into any workspace. MORE

Automatic Litter Boxes — Wired has tested and recommends five automatic litter boxes for 2024, each with unique features. I want a pet, so I will definitely be needing one of these. MORE