Daniel Miessler's Blog, page 104
January 10, 2018
We’re Moving to the On-Demand Curated Experience (OCE) Economy

image by Christian Koepke
I’m not interested in technology for its own sake. I think it’s interesting precisely where (and because) it intersects with our daily lives. We’re at the beginning of many such intersections right now, but one that I’m particularly interested in is The On-Demand Experience Economy.
Traditionally, we’ve done two things related to items and experiences:
When we wanted something, we had to go get it. This could be at a store, at a restaurant, or some designated meeting place where an exchange will happen.
When we wanted something, we had to purchase it outright. There are exceptions for renting houses, or cars, but most things you had to buy in order to experience.
If we wanted to know what the best things were, we had to do a lot of manual work to figure this out.
These three things are not only changing; they’re also merging.
Amazon has forced everyone who makes something to learn how to have it delivered to you. So either they use Amazon itself or they suddenly develop a high-quality and fast shipping service that gets you goods at Amazon speeds. The alternative is (usually) to go out of business.
This is a big problem for Amazon’s biggest competitors, which are large stores like Walmart and Target. Amazon is getting better and better at replacing these stores via free shipping, a better selection, and—quite significantly—not requiring you to go anywhere. You can just order and have the stuff show up at your house.
There’s a halfway step in there as well, which is where you still have to drive to the store, but all the stuff will be paid for, bagged, and ready for you to pick up when you get there.
If you look at tech startups, new services coming out, and general product and service innovation you can see this doesn’t just apply to supermarket and grocery items. There are companies who will come to where you are and pick up and drop off your laundry. There are companies that will fill your car with gas wherever it’s parked. And lots more who will give you manicures, haircuts, or whatever other personal service you need—without you having to go to a business.
That’s the on-demand piece, and it’s one of the reasons (along with limited selection) that the malls are dying.

image by Andrik Langfield
The second piece is experience, and it’s orthogonal but arguably even more powerful. The idea is that people will be able to experience high-end products and locations (and people) without having to fully commit to a purchase or otherwise long-term relationship.
Traditional examples would be something like cars. Not many people have ever driven a 911 in their lives. Or an M3. Or a Corvette. And maybe they would love to do this, but could never afford to buy such a car. Or maybe they have a family and need a minivan, so even if they could afford a Corvette it wouldn’t be practical.
This experience component is making it so that people can own that BMW—just for the weekend. They don’t have to commit to it. They don’t have to give up the minivan. And they don’t have to pay the higher cost of ownership for more than a few days. But for their trip along the California coast they get all the benefits of their dream car.
Now imagine this for most nice things you might want to have access to, but not necessarily own. Golf clubs. Semi-automatic weapons. A small plane. A boat. A high-end gaming computer. A travel laptop.
One class of items where this probably won’t be as popular is personal items like clothes and shoes.
But let’s think bigger. Let’s say you’re planning this spectacular 7 day trip to the California coast, and you’re trying to make it as nice as possible, what else could you include?
How about staying in a nice home in the coastal mountains that has a view of the water? You’re driving an M3 on those remarkable Highway 1 roads, and you’ve got a set of the latest PING clubs in the trunk. But where are you eating? Perhaps a special meal by a famous chef, hosted at a private home further down the coast.
Suddenly we’ve created an entire getaway, with some extremely high quality products and experiences, and we just paid for their duration—not perpetually. We can’t buy that house in the mountains overlooking the Pacific. We can’t buy that M3. And we don’t know any chefs who can cook for us. But through this concept of buying ephemeral experiences, we can have all these things for the amount of time that matters.
I mentioned people, which, if you’re tuned properly, should have given you pause. There will be negative implementations of this (and already have been for centuries), but imagine the work that most comedians put into being funny with a very small chance of doing well financially or being able to make extra money outside the club.
What if you could hire a professional comedian to come drink with you and your buddies? Or what if there was a guy who’s so successful with women that you and your 20-something friends could benefit just by being near him at the clubs? Would you pay him to learn how to be relaxed around girls? Would you pay a Marine Biologist to come out on the ocean with you while you fish and answer questions about ocean life?
How about if they were rated with 4.8 stars by lots of people you recognize, as being “one of the most entertaining educators I’ve ever met”.
If I could pay an astronomer or cosmologist to come stargaze with me I would, in a heartbeat. Just to hear them talk, to tell me about the history of the universe, and what they are working on at the time. I give them $200 for a couple of hours, they made some cash, and I had one of the best nights of my life.
People will be able to leverage their skills, abilities, and possessions to make additional money by enhancing other peoples’ experiences.
So if I own Canon’s latest Mark VII Mirrorless camera, and a bag full of the best glass in the industry, I can keep it rented out and make good money off it. And when I need it I simply take it out of experience rotation so that I can use it for my trip. Except your sense of humor is like your camera. And your astronomy knowledge is like a nice car. They are things that you and others can benefit from.

image by Hello I’m Nik
Finally we have curation.
It’s one thing to be able to have good products brought to you wherever you are. And it’s nice that you can have any accessory, in any location, with any companion, when you want to experience something.
But what should you do? What music is best for this occasion? What does the ideal trip to the California coast actually look like? Is there a particular house/car/food/activity combination that would make it an especially rich experience?
Maybe you heard that your friend rode bikes for 50 miles, then rowed boats out into the ocean and then dove to see turtles, and the fourth grandson’s cousin of David Attenborough was the wildlife guide. Then you parasailed back and rode motorcycles to your cabin in the mountains, where you listened to a storyteller with genuinely frightening ghost stories.
The point is, that was a thing. It’s a thing that they did that 1) you’d never think of yourself, and 2) you wouldn’t have any idea how to set up.
There will be entire professions based on surfacing the best things in life to you, and then removing the maximum amount of friction towards you experiencing them.
It’s the shave gel that you must try. It’s the ultimate pair of single-monk shoes. It’s the brand of jeans that will replace your AGs. It’s the ultimate combination of foods at the restaurant you have a reservation at in 2 hours.
It’s about the ideal balance between serendipity and optimization. Sometimes you know exactly what you want, and you just need it to be executed perfectly. Other times you just want to be surprised, but in a way that you’ll like. If you’re dainty and hate nature, a hiking trip where you get chased by a real bear will not be “authentic”—it’ll be horrific.
So the magic here is understanding context, understanding preferences, and building the ultimate experience for any given moment. Maybe that’s a stay-at-home dinner tonight for under $12, or maybe it’s the best new cleaning products for the house, or maybe it’s planning a 7-day trip to Iceland.
Summary
We’re entering a new life-tech intersection that I call the On-Demand Curated Experience (OCE) Economy.
Things will come to us instead of us going to them.
We will have access to accessories, products, locations, and companions/guides/expertise that we can leverage for short amounts of time when we need them.
Having access to these high-end people, places, and things for short periods will constitute our migration away from owning to experiencing.
We will have curation services that can recommend most anything to us at any given time, from what we should eat right now within 2 blocks, to a career path for your newborn child based on your desires and values.
Some will object to these trends because they seem focused on the haves vs. the have-nots. Others will say that the experience economy turns everyone and every thing into a prop for someone to enjoy. Then some will argue that curation removes the joy of natural discovery. All three of these objections resonate with me, but I think the benefits will outnumber and overpower the negatives over time, regardless of our objections.
I personally look forward to the positives.
—
I spend between 5 and 20 hours on this content every week, and if you are the generous type and can afford fancy coffee whenever you want, please consider becoming a member for just $10/month…
Thank you!
January 9, 2018
5 Free Images Sites to Use Instead of Google Images
Google Images is still best if you want to see a picture of something. But for content creators there are a number of problems.
It’s not super easy to tell when you’re allowed to use an image or not, and if you care about being courteous to artists and photographers, this matters.
The site is infested with stock images, which—if you think about it—are nothing but advertisements.
If you create a lot of content, you’re likely to be using the same images as other content creators, and after a while it cheapens the look of your site, almost like using clipart from the 90’s.
Happily, there are better alternatives for quality and free images that you can use for your blogging.
1. Unsplash
2. Pixabay
3. Pexels
4. StockSnap.io
Notes
Even though these sites have non-copyrighted images, I still recommend including the artist / photographer’s name under the image you use (when available). It’s just the right thing to do, and spreads good karma among fellow creators.
January 8, 2018
Unsupervised Learning: No. 107
This post contains the supplemental content for this week’s episode of Unsupervised Learning. Some people prefer fewer stories in each show while others prefer more, so I’ve solved that problem by keeping the main show tightly curated and making all the extra stories and links available to members here. It’s basically an unabridged version of the newsletter for members.
This week’s topics: Meltdown & Spectre, India’s Database, Criminals and Monero, Equifax Non-action, technology news, human news, discovery, notes, recommendations, and the aphorism of the week…
Become a Member to Get This Week’s Supplemental Content
January 7, 2018
A Visual of the U.S. Generations
Finding information on the various U.S. generations (boomer, millennial, x, z, etc.) is non-trivial. I end up Googling 37 different sites—all of which disagree somewhat with each other—and then I eventually give up and pick a set of numbers for that particular piece—which I then forget the next time.
Plus there aren’t really (m)any good visualizations of these ranges, which are uniquely helpful for this. So I made a reference myself that I’ll use from now on and will try to keep updated.
View the full image.
The Silent Generation
Born up to 1945
Baby Boomers
Born from: 1942-1962
Current ages: 55-75
Generation X
Born from: 1963-1983
Current ages: 34-54
Millennials (GenY)
Born from: 1982-2004
Current ages: 13-35
Generation Z (iGen)
Born from: 2000-2014
Current ages: 3-17
These ranges aren’t perfect, and they aren’t fully agreed upon by experts anyway. I mostly used Wikipedia’s numbers, but also factored in a number of other sites to end up at a middle-ground.
The black bars are the disputed edges. The bolded range is what I’m calling authoritative (my own line in the sand). And the italics indicate the range of ages of people living today in that generation.
Notes
The Strauss-Howe Generational Theory is used as a source for a lot of generational estimates.
This is Wikipedia’s article on the generations in the workplace.
The biggest fallacy right now regarding generations is that most people over 30 think that everyone young is a millennial. They’re not. Millennials ended around 2004, so if someone is 12 or younger they’re actually Generation Z.
There is trouble with the transition between Millennials and Generation Z around year 2000 in that there’s lots of overlap. I’d argue too much to survive. I wouldn’t be surprised if 2000 became the actual transition point in the future, since it’s already considered mid-nineties to mid 2000’s.
Summary: Fire and Fury
These book summaries are designed as captures for what I’ve read, and aren’t necessarily great standalone resources for those who have not read the book. Their purpose is to ensure that I capture what I learn from any given text, so as to avoid realizing years later that I have no idea what it was about or how I benefited from it.
I bought the book Friday night and read it on Saturday. What I got from it wasn’t any particular smoking gun or revelation, like proof that Trump is a traitor or anything like that. Quite the opposite.
What I liked about it wasn’t any information or facts about events, but rather how those events took place. I like understanding personality and power dynamics in strange environments, which I would definitely consider the current White House to be.
In fact, if anything it showed me beyond a doubt what I already believed, which is that Trump isn’t evil in the planned, Mr. Burns type of way. Instead he’s just a perpetually insecure man who fundamentally just wants people to like and respect him.
Keeping with my everyone is multiple people theory, I’m sure Trump is a nice, charming, funny guy at times. And I’m sure he’s done really nice things for people just for the sake of doing it. The problem is that he’s also extremely self-centered, vindictive, petty, and seemingly impervious to knowledge and wisdom.
Worst of all though—for being, say, an ice cream truck operator, or a school principal, or the leader of the free world—is that he appears to have the trifecta of stupidity:
Doesn’t know much.
Doesn’t know he doesn’t know much.
Doesn’t trust people who actually do know things.
It’s like Stage 4 Dunning-Kruger.
What I found much more interesting was understanding the Bannon / Kushner / Ivanka dynamics, and seeing how all these actual powerhouses and experts, like Kelly and Tillerson, responded to being disrespected by an actual bona fide idiot.
It seems there was a lot of gaslighting going on. Where people were basically looking at each other constantly, wondering if they were in a Black Mirror episode, and then wondering if they were somehow misjudging him. Like maybe he was a genius and they just weren’t smart enough to see it.
I got no bias from the book. So either it was super clean in that respect or he was quite skilled in hiding it. I suspect the former, since I didn’t end up with really any conclusions other than the fact that the entire situation is a black comedy dumpster fire.
I did learn a couple of interesting things, I suppose. Like the fact that I should have seen before and felt dumb for not realizing: the other reason the Republicans are letting him stay is because he’ll sign anything they put in front of him.
I thought they were letting him stay because they needed to have a good story for why he failed, to avoid the democrats having an “I told you so” that keeps them in office until 2030.
But it’s more tactical than that. He’s a signature pen for them, and they like that.
Anyway, I enjoyed it as something of an exploration of psychology. It didn’t read like a tabloid to me because it wasn’t about revelations. It was more about understanding strange human dynamics. Like watching liquids act strangely in space.
[ Find my other book summaries here. ]
January 5, 2018
What is Everyone In Consumer Tech Racing Towards?
I wrote The Real Internet of Things to answer the question of where all this consumer tech was eventually going to lead us. I think I mostly captured it there, but wanted to summarize here.
I’m not sure where Microsoft is in this, and neither is anyone else.
Right now we basically have Apple and Google fighting for supremacy in the most important domain, which is the human operating system. Right now that means mobile, because mobile devices are the closest thing we have to being part of you. This is why Facebook and Amazon are outsiders to some degree—they don’t have a mobile OS. But Amazon is so scrappy that they are forcing their way in via the home with Alexa.
The way I’d say this in kind of an Appley way, is that all these companies are fighting to become your lifeOS.
Now a lot of people in various product marketing teams and in the media talk around this point. Obviously everyone is trying to help manage your life in various ways. Obviously everyone is offering calendar, search, voice activation, home automation, etc.
But I feel like nobody is just coming out and saying what the end-goal is, which is life management.
And what are our lives made up of? Broadly, it’s work and personal. But even that line is too deep in the details to see the longterm goal here.
All these platforms are fighting to be the single source of truth for your life. And not in a bad way, like many in InfoSec think. It’s just the ultimate business goal in terms of customer satisfaction.
Managing multiple vendors is a mess. Multiple logins. Multiple accounts. Outlook for this, using Microsoft. Android for this, using Google credentials. Apple for this, using iCloud. Smarthome this. Smart car that.
It’s rubbish.
In 2030 or so, people will have chosen a single lifeOS to use, and who knows how many there will be, but let’s say three good ones and 10 more fighting to be in the top three.
When you wake up, you’ll be greeted by your personal assistant. It will know your entire schedule, where you need to be, when, and it’ll be working every moment to optimize your day.
If you work in an office, you’ll be driven there by a vehicle that was ordered for you. At work you won’t have to log in to much because most auth will be composite authentication using many factors that your lifeOS has been reading the whole time you’ve been awake.
It knows how to get your work stuff, your work emails, internal documents, etc. It knows how to contact your colleagues. How to do voice or video conferences with them, send messages of various types, etc.
The key point here is seamless. Management of all this is done by your lifeOS in conjunction with the security subsystems at work—which of course are compatible with your choice of operating system.
When your husband or wife calls, your assistant tells you, or sends them to leave a message if it sees you’re busy. If your husband can update your calendar, when he adds something it’ll show in your work calendar as well because it’ll mostly be contexts that you see, with multiple feeds coming in from different sources.
Key features here are single interfaces (mostly your digital assistant), integration of the various parts of your life, and extremely low friction.
Browsing websites, seeing your personal data on those sites, making purchases, etc.—all handled transparently by the authentication
January 3, 2018
A Null Pointer Dereference Primer
Most of my technical primers are…well, technical. This one won’t be because the problem is confusion rather than complexity.
I’ve been in software security for over a decade, and nearly every tester or developer I’ve asked about this topic thinks Null Pointer Dereference Vulnerabilities mean one of two things:
Someone tried to delete (dereference) a pointer while it pointed to NULL, or…
Failure to clean up (dereference) NULL pointers.
In both cases, the mistake is made because they think dereference means to delete something, which it does not. In programming parlance, dereferencing means getting the value for something—a.k.a., reading it.
In other words, a Null Pointer Dereference Vulnerability just means reading a NULL pointer.
That’s it.
It’s not about deleting references, or leaving references lying around, or cleaning up NULL pointers, or any of that stuff. Computers just hate trying to extract the value for things that don’t exist. And I can’t say I blame them.
Hope this helps someone.
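The point above in C, as an added example that is not from the original post: a lookup that returns NULL when nothing matches, one caller that reads through the result without checking, and one that checks first. The account table and all function names are hypothetical; the unchecked read runs in a child process so the crash stays contained.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample data: a tiny account table (hypothetical). */
struct user { const char *name; int uid; };

static const struct user USERS[] = {
    { "alice", 1001 },
    { "bob",   1002 },
};

/* Returns a pointer to the matching record, or NULL when there is none. */
static const struct user *find_user(const char *name)
{
    for (size_t i = 0; i < sizeof USERS / sizeof USERS[0]; i++)
        if (strcmp(USERS[i].name, name) == 0)
            return &USERS[i];
    return NULL;
}

/* Unchecked: dereferences (reads through) whatever find_user() returned.
 * For an unknown name that pointer is NULL, and the read itself is the bug.
 * volatile keeps the compiler from optimizing the read away. */
static int uid_unchecked(const char *name)
{
    const volatile struct user *u = find_user(name);
    return u->uid;                 /* the dereference */
}

/* Checked: test the pointer before reading through it. */
static int uid_checked(const char *name, int *uid_out)
{
    const struct user *u = find_user(name);
    if (u == NULL)
        return -1;                 /* no record: nothing to dereference */
    *uid_out = u->uid;
    return 0;
}

/* Runs uid_unchecked() in a child process so a crash cannot take down the
 * caller. Returns 1 if the child exited cleanly, 0 if it died, -1 if the
 * child could not be started or reaped. */
static int unchecked_read_survives(const char *name)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        (void)uid_unchecked(name);
        _exit(0);                  /* only reached if the read did not trap */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void)
{
    int uid = 0;

    if (uid_checked("bob", &uid) == 0)
        printf("checked lookup of bob: uid %d\n", uid);
    if (uid_checked("mallory", &uid) != 0)
        printf("checked lookup of mallory: no such user, nothing read\n");

    printf("unchecked read for alice survives: %d\n",
           unchecked_read_survives("alice"));
    printf("unchecked read for mallory survives: %d\n",
           unchecked_read_survives("mallory"));
    return 0;
}
```

Nothing is deleted or freed anywhere in this program; the only thing that goes wrong is the read through a pointer that holds NULL.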
Notes
This is a fantastic explanation of pointers on Stack Overflow.
Thanks to Jason Powell for talking through this, championing the cause, and reminding me that this primer still needed to be written.
—
I spend 5-20 hours a week collecting and curating content for the site. If you're the generous type and can afford fancy coffee whenever you want, please consider becoming a member at just $10/month.
Stay curious,
Daniel
A Simple Explanation of the Differences Between Meltdown and Spectre
Many people have pinged me asking for a dead-simple explanation of the differences (and similarities) between these two attacks. Here’s an extremely basic summary:
Meltdown is Intel-only and takes advantage of a privilege escalation flaw allowing kernel memory access from user space, meaning any secret a computer is protecting (even in the kernel) is available to any user able to execute programs on the system.
Spectre applies to Intel, ARM, and AMD processors and works by tricking processors into executing instructions they should not have, granting access to sensitive information in other applications’ memory space.
There are software patches for both Meltdown and Spectre, but they’re more straightforward for Meltdown.
The mitigation story will continue to evolve as time passes, and will include hardware and firmware updates eventually.
The major risk consideration here is whether you have multiple users sharing a single CPU.
I say “multiple users” here as a reference to entities who might attack one another. You can actually use these attacks to read content from any application even if you only have a single user.
This means regular systems with multiple accounts, virtualization environments, and cloud. Your risk will be different depending on the hardware platforms used, the operating systems running on those platforms, and your various patch levels at any given time, but the basic concept for these two attacks is that you should consider secrets to be attackable on multi-user systems that share a CPU.
In short, both Meltdown and Spectre allow low-privilege users to read sensitive information from memory on the same system via Speculative Execution. The difference is that Meltdown takes advantage of a specific Intel privilege escalation issue to do this, while Spectre uses the combination of Speculative Execution and Branch Prediction. Both issues can be addressed with software patches, but this is more effective for Meltdown than Spectre.
Notes
The Meltdown Paper.
The Spectre Paper.
If you see any flaws in this simplification, please let me know so that I can correct them.
Unsupervised Learning: No. 106
This post contains the supplemental content for this week’s episode of Unsupervised Learning. Some people prefer fewer stories in each show while others prefer more, so I’ve solved that problem by keeping the main show tightly curated and making all the extra stories and links available to members here. It’s basically an unabridged version of the newsletter for members.
This week’s topics: Swatting death, Ethereum kidnap, Chinese dystopia, Alteryx S3 bucket, Starbucks Monero, Forever21, Microphone ads, technology news, human news, discovery, notes, recommendations, and the aphorism of the week…
Listen to this week’s Podcast
Read this week’s Newsletter
Become a Member to Get This Week’s Supplemental Content
January 2, 2018
Raw Water is the Latest Example of Lupus Liberalism
High-profile Bay Area denizens are skipping tap water in favor of drinking unfiltered, untreated, and expensive “raw” water that comes straight out of the ground, Nellie Bowles reports for The New York Times.
Source: ‘Raw water’ is a pseudo-scientific craze that could make you sick – The Verge
The first time I wrote about Lupus Liberalism was in reference to over-aggressive political correctness, but this Raw Water craze is more akin to the anti-vaxxer movement where the theme is ignoring science at your own peril. The general theme is still intact, though.
Lupus Liberalism is any situation where you go so left that your leftness starts doing damage.
I think the best (and actually the only) solution to this is to let it play out. Lots of people will embrace the movement, which will get lots of people sick.
I couldn’t help but smile a little when thinking about someone in the hospital, on an IV line, and screaming when they find out there’s medicine in the medicine they’re getting.
This isn’t free-range medicine? This is like, created somewhere?
Afraid so, friend.
Science, medicine, and germ theory—as it turns out—never roamed the African plains in all their natural glory before humans showed up. We had to conjure them into being using the quite “not found in nature” techniques of the scientific method, sterilization, and other extremely artificial concepts like that.
There’s actually nothing more natural than dying at 23 from a tooth infection.
That should be the next craze, really, getting rid of anesthesia and antibiotics. We’ll call it the Grin and Bear movement.
So if you have a cavity that is going to kill you, you have a Quinoa salad, your kid (let’s call him Measles, since he’s not vaccinated) will hand you a twine stress ball, and the local shaman (doctors are lame) will rip the tooth from your skull using a hand-forged iron plier sanitized in Raw Water.
Sometimes evolution’s pendulum over-swings when trying out new things, and all these examples (raw water, antivax, etc.) are cases in point for good ideas taken too far.
Nature will punish those who take the bait.

