Daniel Miessler's Blog, page 109

For the best reading experience, I recommend you view this content natively at: How to Edit Your Crontab Using Vim.

—

If you’re a vim user like I am and you run crontab -e and get dropped into nano, you’re likely to make the same face as a baby eating a lemon.

A baby eating a lemon

Not fun, but there’s a fix.

Update your shell configuration file (.bashrc, .zshrc, .profile, whatever), to include the following:

alias crontab=”export VISUAL=vim; crontab”

Then you can simply run the command normally to edit your crontab with vim.

crontab -e

No more nano, and good riddance.

Read or comment at How to Edit Your Crontab Using Vim.

For the best reading experience, I recommend you view this content natively at: Unsupervised Learning: No. 102.

—

This is episode No. 102 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 30 minute summary. The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well…

This week’s topics: Github security, China IW, Brexit IW, S3 again, Quad9 DNS security, tech news, human news, ideas, discovery, recommendations, aphorism, and more…

Listen and subscribe via…

Read below for this episode’s show notes & newsletter, and get previous editions…

Security news





Github is now incorporating two separate security services into its offering directly: 1) it will tell you what dependencies you have in your code (JavaScript and Ruby), and 2) they will tell you if you have vulnerabilities in those dependencies. Fantastic stuff, although I can hear the collective groans of so many companies whose entire purpose was doing these things.



Researchers at the University of Edinburgh identified 419 Russian accounts attempting to influence the Brexit outcome. This shows that Russian information warfare efforts are not a Trump thing, or a U.S. thing: they're a concerted effort to affect outcomes in a way that benefits Russia. And they're using information warfare through social media as the weapon. Well, put that way it seems downright expected.



A paper out of Harvard describes how China has an army of people injecting fake comments into its social media networks for the purpose of cheerleading for the government and its policies. It claims this 5c party is responsible for around 448 million social media comments a year.



A military contractor has left a ton of data on an unsecured S3 bucket about what looks to be a military-sponsored intelligence campaign. It's astounding to me how much this keeps happening and how easy it is to avoid.



Quad9 is a free new DNS security service from IBM that lives at IP 9.9.9.9 (it's four 9's). They're presumably doing a bunch of domain filtering, similar to other services like Cisco's Umbrella (which used to be OpenDNS) and Akamai. They're evidently filtering using around 15 different feeds. Cool idea. I like how simple it is; hopefully that'll get a decent number of non-experts using it.



It looks like Microsoft might have patched a bug in its old Equation Editor utility by modifying the executable directly instead of updating the source and recompiling. 



Patching: PeopleSoft, Microsoft's November 2017 Security Updates





Technology news





Tesla showed off its Semi truck, which will have a range of 500 miles and haul a maximum load of 80,000 pounds. Musk said they're working on a charging solution that will give 400 miles in 30 minutes, all using solar power.



The Brookings Institute says digitalization is coming for pretty much every industry, and the more tech you know the more stable your job will be and the more you'll make. Mean wages for highly digital jobs was around $73K. It was $48K for medium digital jobs, and $30K for low digital jobs.



The reviews are coming in for Google's Pixel Buds. They appear to say exactly what I would expect them to, which is that they sound like a great idea, but weren't executed very well. This is what I expect from any Google product with a UI/UX. Look at their administrator consoles. Look at their numerous attempts to launch a social network. Look at their numerous renaming of their conference call tool. They keep renaming things, relaunching, and failing. They seem completely tone deaf to how people actually use things. Utter geniuses on the backend, and completely lost when it comes to interface.



Apple Watch can be used to detect arrhythmia, hypertension, and sleep apnea. 



China has completely passed the U.S. in the number of the world's most powerful computers. They now have 202 while the U.S. has 143.





Human news 





Another major study has indicated that coffee consumption is good for you. As little as one cup a week may lower your chances of stroke or heart failure. And the benefits go up when you drink more. Adding up the numbers I think this means I'm immune to those things.



The FDA has approved a new digital pill that can track whether or not you've taken your medicine, and then sends that data to your doctor and up to three other people.



Two scientists are predicting more extreme earthquakes in 2018 due to a correlation with a cycle of slowing earth rotation.



Britain recorded 2,255 modern slavery offenses in England and Wales last year, an increase of 159% over last year.



We sent a signal to a star system 12 light years away from us. Which means they'll get it 12 years from now. The system has two planets—one of which might be able to support life. I used to be all about these kind of broadcasts, but after reading The Three Body Problem I now think (along with Hawking) that we should probably be quiet.



Blood tests may soon be able to tell you about your cognitive health, including your risk for Alzheimer's.



It appears many opiate users are dying because they're using (and combining) their drugs unsafely, e.g., mixing them with alcohol, taking fentanyl when they think it's heroin, etc.





Ideas





I think I may have found a link between opiate and smartphone addiction: the lack of a strong meaning loop.



Startups are incubation laboratories for features that—if popular—will inevitably end up in the platforms and operating systems themselves.



I've started a new series for members called Algorithmic Learning, where I define a practical methodology for doing a specific task. The first edition is on Leadership, and it describes my personal approach to leadership, a system for building a new team, and ways of handling various leadership situations. Really looking forward to feedback and ideas on how to improve it. (Member Content)





Discovery





You can edit your /etc/pam.d/sudo file in macOS to allow you to sudo using your fingerprint on a new MacBook Pro.



Digital Ocean has put out a nice Introduction to Machine Learning.



AWS has released some new AMIs for learning Deep Learning.



How Facebook figures out everyone you've ever met.



Cracking MMORPGs



Chaining web vulnerabilities to get RCE

An epic list of Reverse Engineering resources.

Notes





I finished BoBos in Paradise, by David Brooks, and started and finished Leadership Step by Step, by Joshua Spodek. Both were fantastic. I started Losing Ground, by Charles Murray, but I think I already know and accept the conclusion, so I put that one down. Also reading Player Piano, by Vonnegut, which I tried to get through before but stumbled in the beginning.



I had LASIK at UC Berkeley. I'm a few days into recovery and my near vision is unbelievable. My distance vision is still a bit suspect, but it's improving every day. I had a 70 second laser burn because I was farsighted. I have some star bursting, which is a symptom of the swelling, but I'm hopeful it'll completely disappear within a month or so. Overall, couldn't be happier.





Recommendations





A number of groups have released basic security guides. Here's Motherboard's Guide to Not Getting Hacked, the EFF on Surveillance Self-defense, and @InfoSecTaylorSwift's Decent Security. These are good for getting less savvy loved ones up to speed on the basics.



Subscribe to my site's RSS feed. The feed has full text so you don't have to click through to read, but I recommend that you do. It looks better due to the time I've spent on typography and design, and you can comment on the site as well.



When at a conference, encourage people to stand in the Pac Man formation, which allows space for one more person to join your group.





Aphorism





“We are what we repeatedly do.”



 

Read or comment at Unsupervised Learning: No. 102.

For the best reading experience, I recommend you view this content natively at: The Connection Between Opiate and Smartphone Addiction.

—

A while back I wrote a short piece called Addiction Caused by Isolation, where I talked bout research saying that the main cause for addiction to drugs is basically the lack of another meaning loop.

The research, which has been done by a number of people now, essentially asked if we’ve been thinking about the problem of addiction all wrong. Instead of the drug being the problem, perhaps the problem was that there was nothing in their life that was important to them.

A key observation was that when a regular family person, with a loving spouse, kids, partner, good work, etc., goes into the hospital for some sort of major or prolonged stay, they often receive drugs that are even more powerful than what addicts have on the street. But when they are released they are never inspired to go and seek out that drug afterwards.

Why is that?

If it were the drug that were so powerful that it caused addiction, then we would have the problem with everyone who took it. But we don’t. We only have the problem with people who don’t have strong meaning loops elsewhere in life.

Now enter mobile phones.

Suicide rates for teen girls has just hit a 40-year-high. There are opposing theories for what the causes are, but I’m putting my money on the meaning loop problem. That is, if you gain your meaning from watching other peoples’ lives, getting attention on social media, and constant refreshing of what’s new on your device, then you’ve basically abandoned any more meaningful meaning.

It’s like eating sugar packets for every meal. Eventually, you pay for it.

To me, the opiates and smartphone analogy is quite strong. It’s not a matter of either of them being bad. Just like sugar packets. The problem is when you substitute life for them.

The way to tell when you’re doing too much smart phone is to look at how much meaning and value you’re getting from life without it. Are you reading? Are you writing? Are you camping? Playing sports? Studying? Are you creating art? Are you a great parent? Essentially, what is your primary meaning loop?

If you don’t have one, and you also happen to spend many, many hours a day on your mobile phone, then I think this introduces risk of serious spats of unhappiness, depression, and even suicidal thoughts.

The fix is clear, but not easy, for both: Build meaning away from the device. It’s not just that you’re not on the smartphone. It’s that you need to be doing something else that you get meaning from—whatever that is. Once you nurture your new meaning loop(s) and the are sustaining you in a healthy way, spending a bit of time on your phone won’t be dangerous at all.

Summary


If you’re depressed and you spend way too much time on your mobile phone, find a source of meaning outside your device.
If you’re a parent or loved one seeing someone young in this situation, talk to the guardian as soon as possible and try to help them build that other meaning loop.


Notes


I’m a security consultant, not a doctor, so obviously talk to a professional before you intervene in someone’s life.

Read or comment at The Connection Between Opiate and Smartphone Addiction.

For the best reading experience, I recommend you view this content natively at: The Algorithmic Learning Series: Leadership.

—

Art by Dan Tepfer

This is an experimental series where I attempt to put Algorithmic Learning into practice. I describe Algorithmic Learning here:

It starts with having an algorithm—a methodology—for doing some task or approaching some problem. Then, when new information is acquired, instead of relying on osmosis, we modify our actual algorithm for doing that thing. Then we regularly review our algorithms so that we’re changing our daily behavior.

SOURCE: Algorithmic Learning

Using that Algorithmic Learning structure, each installment in the series covers a particular subject or skill in life that I want to improve—in this case, Leadership.

…

This is exclusive content for subscribers to the site. Become a Member to gain access to this and other special content.

Read or comment at The Algorithmic Learning Series: Leadership.

For the best reading experience, I recommend you view this content natively at: Seeing a Site’s Technology Stack Using Wappalyzer.

—

There are many reasons why you might want to know what technologies a site is running. You might like how the site looks or functions, and want to copy it. Or you might be a security tester looking for vulnerabilities.

For a long time, BuiltWith was pretty much the only option out there, but it’s a paid offering once you hit a certain amount of usage.

Wappalyzer (Web App Analyzer) is a great alternative.

Wappalyzer vs. NyTimes

Wappalyzer is not only great for doing scans right on the website itself, but they also make a bookmarklet available. Drag that link to your favorites bar and click it on any site you’re on and it’ll give you a display like the one above.

Finally, and perhaps best of all—you can download the entire tool for free and run it yourself. So instead of having to spam the website itself with requests, you can have your own copy running locally that you can hit as much as you want.

So if you make a lot of requests, have issues with paying for API access to BuiltWith, or are getting throttled making web requests to one of the tools, I highly suggest checking out Wappalyzer.

Read or comment at Seeing a Site’s Technology Stack Using Wappalyzer.

For the best reading experience, I recommend you view this content natively at: Triangulating on Conservative Values From Multiple Sources.

—

For someone who grew up in the Bay Area and has spent their life being mostly liberal, becoming “a lot” more conservative can mean a lot of things. But let me try to unpack some of what I’m feeling right now.

First, the impetus here is a collision between multiple ideas and the reading of multiple books. BoBos in Paradise, by David Brooks. Coming Apart, by Charles Murray. The New Urban Crisis, by Richard Florida. And The Conquest of Happiness, by Bertrand Russell.

That last one seems out of place, but it’ll fit by the end.

So, some of these thoughts have been brewing for years and years. Especially those around the idea that struggle is essential to happiness. In that piece I literally try to figure out how we’re going to be happy as organisms once we remove our faults and our challenges. And the answer is that we won’t be—or at least not in a natural way. We either have fake happiness or we have fake obstacles. You have to pick one.

I’ve been reading Bertrand Russell since university, or maybe before, but I’ve always loved what he had to say about happiness. Here’s an example.

Someone who acquires easily things for which he feels only a very moderate desire concludes that the attainment of desire does not bring happiness. If they are of a philosophic dispositi on, they’ll conclude that human life is essentially wretched, since they have all they want and are still unhappy. People forget that to be without some of the things you want is an indispensable part of happiness. ~ Bertrand Russell, The Conquest of Happiness

Once again, he’s talking about the necessity of struggle. The need to strive. The need to chase something.

After having read a million (or so) books on evolution, I now see that’s part of evolution’s trick. And it’s a dirty one. We receive a temporary bit of happiness when we strive for something and achieve it, but before the glow can even fade our smile is already fading as we glance around to see what else is out there.

Evolution doesn’t want us happy. It wants us to want to be happy. Big difference. So it dangles things right in front of us, just out of our reach, to make us reach and sprint and climb and strive. This is how it picks winners, and winners get to feel—even if it’s fleeting—that sensation of overcoming.

Overcoming is key. The best kind of desire to have and overcome is not a superfluous one, but a fundamental one. Survival and reproduction are center mass here. If you win at those you just win. So many other types of happiness are proxies or facsimiles of these most basic of requirements.

Politics

So what does this have to do with politics and becoming more conservative? Good question.

The books I just finished from a bunch of conservative authors had a central theme, which was the rise of the new upper class and how it’s separating from the rest of the country. The first part of the books were interesting enough, talking about the new class and its various behaviors and such. But it was largely entertainment. It’s the last parts of each book that really hit me. Both Charles Murray and David Brooks spent the last chapters talking about how behaviors affected culture, and how culture affects the health of a society.

But they didn’t do it in the way I would have assumed they would have. They didn’t blame the poor and the weak. They didn’t place judgement on them. They didn’t give excuses for why it was ok to discard them. Instead their position was one of empathy. It was a description of how their way of life is different than the new rich way of life, which is in turn different than the recent conservative way of life.

Here are a few discreet ideas I extracted:

The new educated class (Brooks) merges the counter-culture tendencies of Bohemians with the disciplined and refined nature of the Bourgeois—hence his label of “BoBos”. This combination creates people who are conservative in some ways and liberal in others.
Brooks mentions how many BoBos are embracing religion, but doing so in ways that don’t directly cross their liberal beliefs. So they don’t believe the core dogma, and don’t support any beliefs that exclude or demean anyone. But they are being drawn to the concept of social belonging, to the idea of following rules that come from outside of them.
Murray talked about how everyone in the U.S. used to learn a core set of principles in school. They were moral principles. Social principles. And Nationalistic principles. And they were of course somewhat religious, but less so than most might think. He talked about the concept of industriousness being one of the primary attributes of an American, and how this is one of the main things that declined between 1960 and 2010. There are so many people in the country now who find it ok not to strive.
At the end of Coming Apart, Murray talks about the difference between Europe and America in the early days. He says America was known for the work ethic. And the purpose of life was to struggle to improve. To strive. To get better work. Do more work. To do better work. But for Europeans the idea was to maximize leisure. So the question was how much vacation could you take, and how little work could you do. I thought of France when I read that.
One of the authors also talked about how the rich have these more conservative approaches to life (self-discipline, self-sacrifice, planning, industriousness, etc.) that old-school Americans had, and how these were what lead to having good educations, good jobs, and basically the Good Life. And that lead to living in the best neighborhoods, next to other people who were the same. They also mentioned (I thin it was Brooks) that the rich don’t want to share this information with anyone because they are afraid of preaching and of appearing condescending.

So then it detonated for me. All of it. The fact that we need to struggle to be happy. The fact that the rich have secrets that they’re not sharing. And the fact that they’re not sharing those secrets because it wouldn’t be polite more than anything.

I recently wrote a post called The Bifurcation of America: The Forced Class Separation into Alphas and Betas, where I talked about how you’re either striving to become an Alpha or you’re about to become a Beta by default. This is exactly what they were writing about as well.

Another converging idea I was about to write about is homelessness. I live in San Francisco, which has one of the largest homeless populations in the country (the world?). Only recently have I started challenging my liberal upbringing on how to view them.

My recent thoughts have been that you’re either:

mentally ill, in which case society needs to get you help
on drugs, in which case society needs to help you get off them
willing and struggling to be a productive member of society, in which case society should help you get work
or you’re actually not interested in being helped because you like your life just fine

I didn’t think there were many people—if any—in the fourth category until recently. But I know many people who would be happy to never work another day in their lives. They’d be happy to unsubscribe from society completely. Welfare. Disability. Whatever. They have no interest in bettering themselves, striving, improving, whatever. They just want to live, day to day, to have whatever fun is available.

That’s a lifestyle choice, and it’s a choice that more and more Americans are making all the time. Especially young males. They just decided to stay at home and play video games.

So when a “conservative” tells them they’re losers, and that they should get a fucking job, I used to hear something else. I used to hear that they were saying this to the poor, to the working class, who were striving and failing because society is stacked against them.

That’s the key. There’s a major difference between someone who’s struggling and being pushed under the water by an unfair system, vs. someone who wants to build a house on the bottom of the ocean. Conservatives (whatever that means) need to learn about this distinction, but liberals need the lesson even more than they do.

Pulling it together

So what I’ve learned in all this is that there is a cocktail of success for life. It involves being industrious, having a strong work ethic, being self-disciplined, having a sense of community, of empathy, and some sort of concept of working towards something greater than yourself.

This combination is magical in its ability to produce success. But right now it’s a luxury for the rich. It’s a free luxury. That’s the most messed up part. As free as the wind, and just as elusive.

So, more than ever, I now see the wisdom of a conservative lifestyle. Not NeoCons, or any of these clowns in Republican office today, but an old-style conservatism.

But I also haven’t lost where I’m liberal, which is finding new and interesting ways to pursue the things that matter. As David Brooks talked about, though, a trap that liberals can fall into is endless choice and endless pursuit, meaning you never really arrive at happiness.

I think what I’ve stumbled upon is a powerful hybrid. A composite of these core principles of industriousness, self-discipline, altruism, public service, etc., that are associated with traditional conservatism—combined with the secular and humanist centerpieces of rejecting dogma, promoting equality, and embracing evidence and continuous improvement.

Perhaps my biggest takeaway is that this information needs to be shared. It’s wrong for only the rich to know that this is how to thrive in this increasingly hostile world. We must find a way to offer this way of life without dogma or condescension. It should simply be taught to everyone, shared in parenting classes, put in high school and university courses, etc.

And even earlier, really. In grade school, like we used to. We have to find a way to pass these concepts on in a way that doesn’t trigger 47 different groups, of course, but hopefully that tendency would diminish as we started to synchronize on certain first principles.

We simply have to find a way to make it so that the privileged aren’t the only ones raising their kids with these superpower values. If we don’t, the top 5% will continue to pull away from the masses at an accelerating rate, and the longterm outcome for the country, and indeed the world, will not be pleasant.

Read or comment at Triangulating on Conservative Values From Multiple Sources.

For the best reading experience, I recommend you view this content natively at: I Think I Just Became a Lot More Conservative.

—

For someone who grew up in the Bay Area and has spent their life being mostly liberal, becoming “a lot” more conservative can mean a lot of things. But let me try to unpack some of what I’m feeling right now.

First, the impetus here is a collision between multiple ideas and the reading of multiple books. BoBos in Paradise, by David Brooks. Coming Apart, by Charles Murray. The New Urban Crisis, by Richard Florida. And The Conquest of Happiness, by Bertrand Russell.

That last one seems out of place, but it’ll fit by the end.

So, some of these thoughts have been brewing for years and years. Especially those around the idea that struggle is essential to happiness. In that piece I literally try to figure out how we’re going to be happy as organisms once we remove our faults and our challenges. And the answer is that we won’t be—or at least not in a natural way. We either have fake happiness or we have fake obstacles. You have to pick one.

I’ve been reading Bertrand Russell since university, or maybe before, but I’ve always loved what he had to say about happiness. Here’s an example.

Someone who acquires easily things for which he feels only a very moderate desire concludes that the attainment of desire does not bring happiness. If they are of a philosophic dispositi on, they’ll conclude that human life is essentially wretched, since they have all they want and are still unhappy. People forget that to be without some of the things you want is an indispensable part of happiness. ~ Bertrand Russell, The Conquest of Happiness

Once again, he’s talking about the necessity of struggle. The need to strive. The need to chase something.

After having read a million (or so) books on evolution, I now see that’s part of evolution’s trick. And it’s a dirty one. We receive a temporary bit of happiness when we strive for something and achieve it, but before the glow can even fade our smile is already fading as we glance around to see what else is out there.

Evolution doesn’t want us happy. It wants us to want to be happy. Big difference. So it dangles things right in front of us, just out of our reach, to make us reach and sprint and climb and strive. This is how it picks winners, and winners get to feel—even if it’s fleeting—that sensation of overcoming.

Overcoming is key. The best kind of desire to have and overcome is not a superfluous one, but a fundamental one. Survival and reproduction are center mass here. If you win at those you just win. So many other types of happiness are proxies or facsimiles of these most basic of requirements.

Politics

So what does this have to do with politics and becoming more conservative? Good question.

The books I just finished from a bunch of conservative authors had a central theme, which was the rise of the new upper class and how it’s separating from the rest of the country. The first part of the books were interesting enough, talking about the new class and its various behaviors and such. But it was largely entertainment. It’s the last parts of each book that really hit me. Both Charles Murray and David Brooks spent the last chapters talking about how behaviors affected culture, and how culture affects the health of a society.

But they didn’t do it in the way I would have assumed they would have. They didn’t blame the poor and the weak. They didn’t place judgement on them. They didn’t give excuses for why it was ok to discard them. Instead their position was one of empathy. It was a description of how their way of life is different than the new rich way of life, which is in turn different than the recent conservative way of life.

Here are a few discreet ideas I extracted:

The new educated class (Brooks) merges the counter-culture tendencies of Bohemians with the disciplined and refined nature of the Bourgeois—hence his label of “BoBos”. This combination creates people who are conservative in some ways and liberal in others.
Brooks mentions how many BoBos are embracing religion, but doing so in ways that don’t directly cross their liberal beliefs. So they don’t believe the core dogma, and don’t support any beliefs that exclude or demean anyone. But they are being drawn to the concept of social belonging, to the idea of following rules that come from outside of them.
Murray talked about how everyone in the U.S. used to learn a core set of principles in school. They were moral principles. Social principles. And Nationalistic principles. And they were of course somewhat religious, but less so than most might think. He talked about the concept of industriousness being one of the primary attributes of an American, and how this is one of the main things that declined between 1960 and 2010. There are so many people in the country now who find it ok not to strive.
At the end of Coming Apart, Murray talks about the difference between Europe and America in the early days. He says America was known for the work ethic. And the purpose of life was to struggle to improve. To strive. To get better work. Do more work. To do better work. But for Europeans the idea was to maximize leisure. So the question was how much vacation could you take, and how little work could you do. I thought of France when I read that.
One of the authors also talked about how the rich have these more conservative approaches to life (self-discipline, self-sacrifice, planning, industriousness, etc.) that old-school Americans had, and how these were what lead to having good educations, good jobs, and basically the Good Life. And that lead to living in the best neighborhoods, next to other people who were the same. They also mentioned (I thin it was Brooks) that the rich don’t want to share this information with anyone because they are afraid of preaching and of appearing condescending.

So then it detonated for me. All of it. The fact that we need to struggle to be happy. The fact that the rich have secrets that they’re not sharing. And the fact that they’re not sharing those secrets because it wouldn’t be polite more than anything.

I recently wrote a post called The Bifurcation of America: The Forced Class Separation into Alphas and Betas, where I talked about how you’re either striving to become an Alpha or you’re about to become a Beta by default. This is exactly what they were writing about as well.

Another converging idea I was about to write about is homelessness. I live in San Francisco, which has one of the largest homeless populations in the country (the world?). Only recently have I started challenging my liberal upbringing on how to view them.

My recent thoughts have been that you’re either:

mentally ill, in which case society needs to get you help
on drugs, in which case society needs to help you get off them
willing and struggling to be a productive member of society, in which case society should help you get work
or you’re actually not interested in being helped because you like your life just fine

I didn’t think there were many people—if any—in the fourth category until recently. But I know many people who would be happy to never work another day in their lives. They’d be happy to unsubscribe from society completely. Welfare. Disability. Whatever. They have no interest in bettering themselves, striving, improving, whatever. They just want to live, day to day, to have whatever fun is available.

That’s a lifestyle choice, and it’s a choice that more and more Americans are making all the time. Especially young males. They just decided to stay at home and play video games.

So when a “conservative” tells them they’re losers, and that they should get a fucking job, I used to hear something else. I used to hear that they were saying this to the poor, to the working class, who were striving and failing because society is stacked against them.

That’s the key. There’s a major difference between someone who’s struggling and being pushed under the water by an unfair system, vs. someone who wants to build a house on the bottom of the ocean. Conservatives (whatever that means) need to learn about this distinction, but liberals need the lesson even more than they do.

Pulling it together

So what I’ve learned in all this is that there is a cocktail of success for life. It involves being industrious, having a strong work ethic, being self-disciplined, having a sense of community, of empathy, and some sort of concept of working towards something greater than yourself.

This combination is magical in its ability to produce success. But right now it’s a luxury for the rich. It’s a free luxury. That’s the most messed up part. As free as the wind, and just as elusive.

So, more than ever, I now see the wisdom of a conservative lifestyle. Not NeoCons, or any of these clowns in Republican office today, but an old-style conservatism.

But I also haven’t lost where I’m liberal, which is finding new and interesting ways to pursue the things that matter. As David Brooks talked about, though, a trap that liberals can fall into is endless choice and endless pursuit, meaning you never really arrive at happiness.

I think what I’ve stumbled upon is a powerful hybrid. A composite of these core principles of industriousness, self-discipline, altruism, public service, etc., that are associated with traditional conservatism—combined with the secular and humanist centerpieces of rejecting dogma, promoting equality, and embracing evidence and continuous improvement.

Perhaps my biggest takeaway is that this information needs to be shared. It’s wrong for only the rich to know that this is how to thrive in this increasingly hostile world. We must find a way to offer this way of life without dogma or condescension. It should simply be taught to everyone, shared in parenting classes, put in high school and university courses, etc.

And even earlier. In grade school. We have to find a way to pass these concepts on in a way that doesn’t trigger 47 different groups. Either we do or the 95% will be left behind while the top 5% takes those same lessons as obvious and use them to own the world.

Read or comment at I Think I Just Became a Lot More Conservative.

For the best reading experience, I recommend you view this content natively at: Unsupervised Learning: No. 101.

—

This is episode No. 101 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 30 minute summary. The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well…

This week’s topics: Verizon’s DBIR Report, sleeping fingerprints, IoT legislation, S3 security tools, AI tricks scammers, SEALs kill Green Beret, tech news, human news, ideas, discovery, recommendations, aphorism, and more…

Listen and subscribe via…

Read below for this episode’s show notes & newsletter, and get previous editions…

Security news





Verizon has released the 10th edition of its Data Breach Investigations Report. As usual the report was quite good. They highlighted 75% of attacks were outsiders, 81% of attacks involved stolen or weak passwords, 66% of malware was installed via email attachment, showing that phishing continues to dominate as an attack technique. 73% of breaches were financially motivated, and 21% were espionage. That seemed high to me, which was interesting. Cyber-espionage was the top issue for manufacturing, which makes me concerned for the health of the supply chain. My key takeaway is that I'd love to see a report on the reasons we continue to fail. How can we have such massive security teams and massive budgets but remain so broken? I have my own ideas, but would love to see this studied specifically. Read my summary here.



A woman flying with her sleep husband unlocked his phone with his fingerprint and discovered that he was cheating on her. She pummeled him so badly that they had to land to take her off the plane. It's an interesting story because it highlights the different threat models against authentication systems. As I wrote about here, mobile authentication systems are strong in some areas and weak in others. The way you pick one is to determine what threats you most care about and then pick the authentication system that best protects against those threats. FaceID, for example, would not have opened if he had the “require attention” feature turned on, because it would have required that his eyes were open and that he was looking at the phone. Password, on the other hand, she might not have known, but can easily be shoulder-surfed. It's all about what you're protecting against.



There's a new IoT Security bill being proposed by two Republicans and two Democrats, called the Internet of Things CyberSecurity Improvement Act of 2017. It seems somewhat promising in that it requires products to be without vulnerabilities, to have a secure update mechanism, to use secure communication, to not use hardcoded credentials, to patch within a realistic timeframe, and to have a disclosure mechanism for vulnerabilities. This matches many other similar proposals. The question is can it get enough backing, with enough simplicity, to actually make progress.



Google says that attackers steal around 250,000 valid Google usernames and passwords per week.



Amazon has released five new security tools for S3 buckets. Default encryption, permission checks, cross-region ACL overwrites, cross-region replication with KMS, and detailed inventory reporting.

 

This AI bot pretends it's a human to make spammers waste time. This AI bot is a hero. To enlist this bot in your own scam battles, you can forward a scam to me@rescam.org.



It appears that two members of SEAL Team 6 might have killed a Green Beret over some illegal cash. The Special Operations community is in turmoil about the whole thing.





Technology news





Uber's flying car project, Elevate, appears to be closer than we thought. It's like a very small plane that appears to be able to take off vertically. Even if it's feasible though, I'm not sure how affordable (and therefore practical) it will be.



IBM is making its 20 qbit (emulated) computer available as a cloud service, and it just announced its working on a 50 qbit version.



The creators of Pokemon Go are releasing a new AR game in 2018 based on Harry Potter. I'm in for at least a couple of weeks.



Snap is in major trouble, as one would expect when Facebook copies your entire business. If it were honest, their pitch should have been, “Give me billions of dollars to do what Facebook will copy in a matter of weeks or months.” Because that's exactly what happened. And anyone familiar with the space saw the future happen in slow motion. We can only hope it'll be a lesson for next time.





Human news 





The fallout continues for famous and powerful people being accused of sexual harassment and assault. I think we're less than half way done with this cycle, as there are probably massive new examples being prepped right now that that are taking a long time to get ready due to the power of the accused.



This Japanese company hires actors to play various social roles for you, such as spouse, friend, father, etc. The CEO was hired to pretend he was a 12-year-old girl's father so she wouldn't be bullied at school, and he says they never told her it wasn't true. So now he basically has a daughter.



One of the China's top technologists says AI is coming for white-collar work before blue-collar work.



Mosaic is a new type of media experience by Michael Soderberg—like a choose your own adventure movie, but in an app. It's coming to HBO soon as well.



There's going to be another Star Wars trilogy, and a TV series.



Jeff Bezos, Bill Gates, and Warren Buffet (three people) are richer than the bottom half of the United States (160 million people).





Ideas





Moving Application Authentication to the Operating System. Why can't our OS authenticate to apps for us?



Maybe the Best Application for Blockchain is Democracy. And more specifically, voting. At least until quantum computing destroys it.



Amara's Law states that we tend to overestimate the impact of technology in the short-term, and then underestimate it in the longterm. Two great examples of this happening right now are machine learning and self-driving cars.



Tesla's head of AI says that programmers of the future will be basically be feeding data into neural networks, as part of what he calls Software 2.0.



The Data Availability Heuristic makes it difficult to just how well something is going, e.g., a startup.



Resilience is a major component of maintaining happiness, and I would argue security as well. It's not about controlling what happens to you. It's about controlling your reaction to what happens to you.





Discovery

 

For the best reading experience, I recommend you view this content natively at: Moving Application Authentication to the Operating System.

—

Benedict Evans said something on Twitter the other day that got me thinking a lot about the future of app authentication.

He’s highlighting a pain that we all experience but that we accept as necessary, like a barbed wire watch band. And it absolutely does feel like something we will eventually fix. The question is when.

I’ve been talking for a while about how good applications become OS features. I argue that new tech features follow this timeline:

The feature starts as a standalone application.
If it’s popular it’ll be adopted by social media platforms.
If it’s really compelling then it’ll eventually make it into the operating system.

There are multiple examples of this: location sharing, heart rate monitoring, workout tracking, weather, stopwatches, calculators, voice assistants, etc. It’d be enough to scare me out of being an application developer: the better your app does the faster it’ll become part of iOS and Android.

Anyway, Benedict’s point was about authentication. Why do we have all these separate logins for every application when it’s one of the worst user experiences in all of tech?

As I was thinking about it I realized that we’ve already gone through two of the phases in the App/Social/OS evolution. Password applications solve this problem by saving your passwords for you to make it easier to enter them. And Facebook and Google provide OAuth functionality so you can register and log in using your social credentials in a more transparent way.

Having an app to do it is easier than manual (step 1), and having your social network do it is easier than using an application (step 2). Now we’re just waiting for the final step, which is having the OS do it for us automatically.

And who better to know about us than our operating system? As digital assistants become more prominent, along with constant and often passive IoT interactions that will be made on our behalf, we’re going to be authenticating to services constantly. Manual interaction (and credential management) will not be an option.

Future authentication

I think the only option for us is to solve authentication’s last mile problem, which will allow us to prove not just that a device made a request, but that the right person was using that device. This is the link that must occur in order for our operating system to be able to represent us.

As I talk about in that piece, this means constantly taking multiple authentication points from us, from our gait, to our voice, to our typing patterns, ambient noise, motion sensors, and dozens of other inputs—and then using that to maintain a constantly updating authentication score.

An Active Authentication Mock-up

This score updates every few seconds, and it’s a representation of how sure the OS is that you are you.

Then, when it comes time to authenticate to a service—say to open the door to your hotel just by touching the handle, or to log you in to Facebook without an extra step—your OS will do the following:

Form a request to the authentication API for what you’re trying to do (hotel door or Facebook).
Attach the current—up to the second—security score.
Sign that request, combined with your score, with the private keys of the device and user.
Send that request to a third-party Identity Validation Service, which validates that people really are who they say they are. They in turn have their own Active Authentication Score, similar to that of the OS, but they can also see where all this user has tried to authenticate recently, so they know if this particular request is likely to be fraudulent.
The Identity Validation Service then looks to see the security level required for this action—say a 65 is required to get into Facebook, but a 70 is required to open the hotel door—and if the current AAS is higher than the requirement for the service, it will sign that signed request with its own keys and send that to the service in question.
The hotel door, or Facebook, or whatever will then see a request from the device, signed by the IVS that it trusts, with a sufficient AAS score, and it allows the request.

There are a lot of steps there, and hence a lot of requests. And it doesn’t address what happens when the IVS service goes down, or is slow, or gets DDoS’d. But you get the idea. Those are engineering and security challenges, and their existence will require optimization and resilience, but they likely won’t stop something like this design from happening.

Anyway, I wish I had thought of Benedict’s point. Application authentication really is just another feature that will eventually end up being handled by the OS. And for me it can’t come fast enough.

Read or comment at Moving Application Authentication to the Operating System.

For the best reading experience, I recommend you view this content natively at: Maybe the Best Application for Blockchain is Democracy.

—

Image from PCMag UK

There are lots of possibly great applications for blockchain technology. The one that’s mentioned most is usually finance, where people can more easily send money without no (or less) middle-entity involvement.

I think Democracy might be the killer app, though. Voting, in particular.

Two of the core concepts of the blockchain’s distributed ledger are the fact that it can’t be changed, and that every transaction can be verified by everyone else. It seems, conceptually, like a perfect fit of a technology to a human need.

But I also see challenges.

First, you need ubiquitous adoption, or close to it. You can’t roll it out for Silicon Valley and other tech-focused places and call that a victory. And it also can’t be a gate that keeps the less fortunate from voting.
There’s also the issue of tampering with Blockchains by controlling a certain percentage of the network.
Finally, there is the issue that the security of the system is based on cryptography, and attacks against that cryptography—either through traditional means or more likely through quantum computers—could cause serious issues.

Of all of these, I think adoption is the primary issue. We seem incapable of doing what we should when it requires a joint effort. Until we fix that the idea will probably be dominant only in blog posts.

Read or comment at Maybe the Best Application for Blockchain is Democracy.