Daniel Miessler's Blog, page 111
November 5, 2017
My Quick Thoughts on the iPhone X
For the best reading experience, I recommend you view this content natively at: My Quick Thoughts on the iPhone X.
—

The iPhone X
I just camped for my 10th iPhone, meaning 10 straight years starting with the original iPhone in 2007. The iPhone X is my favorite device since the original, or perhaps the 5S. It’s hard to compare such things retroactively.
Anyway, there are many reviews and write-ups out there, but I wanted to capture a few basic thoughts for those who are considering one.
The screen is truly stunning. The display looks like it’s on the very surface of the glass as opposed to deeper down in the phone on previous displays. And the images and text are extraordinarily clear and attractive.
FaceID does work better than TouchID once you get used to it. The trick is to pretend FaceID doesn’t exist and to just swipe up from the bottom. You’ll naturally be looking at your phone when you do it, so don’t overthink it.
It takes very little time to get used to swiping up instead of pressing the home button.
The most kludgy part of the new UI is closing applications, where you now have to swipe up, pause, release, long-press, and then swipe up or hit the red minus sign. That’s a lot more steps than double-clicking and swiping up. It’s a minor issue though.
Wireless charging is fantastic, although the pedant in me wishes it were called cordless charging. Wireless implies a physical separation from hardware, whereas this implementation requires you lay your device on a mat. Still, it’s quite convenient to not have to plug the phone in.
Paying with Apple Pay requires an additional step of double-clicking the right side button, which is there for security reasons. Basically, you don’t want to have someone walk up and swipe a reader under your phone while you’re browsing on it (which means it’s FaceID unlocked), and authorizing a purchase without any interaction.
The size is great—halfway between the normal and the large, but with way more screen.
No, the notch isn’t an issue. Not aesthetically or philosophically ideal, but basically unnoticeable after a couple of hours.
The sound on the device itself is quite good.
Even if you’re not a case person (I’m not), consider going with a case for this one. Because it’s all glass and the screen is so expensive, you might take major damage from a drop.
A neat trick you can do is putting a magnetic mount piece inside the case (towards the top or bottom) and then using a magnetic mount for your car while still maintaining the ability to use wireless charging. The receiver in the phone is towards the center of the device, so try not to cover that up.
Swiping side to side on the very bottom is how you move between open apps, and it’s quite fast and elegant.
In short, it’s a phenomenal upgrade, and I highly recommend it regardless of what device you’re coming from.
For the best experience, get a wireless charging pad and some AirPods. They’re magnifiers.
Read or comment at My Quick Thoughts on the iPhone X.
My Preferred View in Feedly
—

My default Feedly view
I do a weekly show called Unsupervised Learning where I curate thousands of stories down into a 30 minute podcast and newsletter. To be able to consume that much content, I’ve spent some significant amount of time messing with Feedly to get it to display feeds the way I want.
What I’d really like is the ability to use a slider to show various levels of popularity and recency, but after some conversations with the product team I don’t think that’ll be coming soon.

The most popular + unread view
The combination above is the best configuration I’ve come across so far. It combines the most popular with those that are unread. You can get there by going to your last icon in your options on the right for a given feed (the three dots), and then pulling down that menu. Select Most Popular, and then check the Unread option.
This should give you only stuff you haven’t seen already, sorted by the articles with the most shares. This allows you to go through tons of content very quickly to find the best stuff.
Hope this helps someone.
—
Read and comment at: My Preferred View in Feedly.
Become a member to get access to special content, ask AMA questions, and participate in live events.
Stay curious,
~Daniel
November 4, 2017
FaceID Adds a Step for Apple Pay, and For Good Reason
—
FaceID is an upgrade not just because it’s more accurate than TouchID, or because it’s a faster way to authenticate—it’s an upgrade because you are basically removing the authentication step entirely.
Source: FaceID is Brilliant Because It’s Subtraction Instead of Addition
I wrote that about FaceID itself, and now that I have the new iPhone X I have had a chance to use it for Apple Pay.
The interesting thing is that while we lost an authentication step with FaceID, we gained one with Apple Pay.
The issue is that you have to include an explicit action when initiating Apple Pay no matter what. It cannot just be the proximity of the reader. If that were the only requirement then people would set up a charge on ad-hoc, mobile readers and then sneak up and charge things in your pocket or on your wrist in public places.
That would be bad. So it requires you to do something.
With Apple Pay and TouchID the $something was holding your thumb on the home button and bringing your phone close to the reader.
With Apple Pay and FaceID the $something is double-clicking the right button.
The double-click on the side is also how you enable Apple Pay on the Apple Watch.
But the TouchID with Apple Pay on the phone effectively felt like a step was removed because you had to hold the phone anyway. So if you just held your phone from the bottom, with your thumb on the sensor, you basically auto-authenticated the transaction.
So TouchID/ApplePay ended up being one step (hold phone to reader), while FaceID is currently two steps (hold phone to reader and double-click the right button).
The reason Apple can’t just use FaceID auth to authenticate an Apple Pay transaction is (probably) because when you’re using your phone—say on a subway—you will be authenticated. So at that point someone could just slide a reader under your phone and instantly authenticate a transaction.
For this reason you need that extra double-click step.
Anyway, just thought that was interesting.
Read or comment at FaceID Adds a Step for Apple Pay, and For Good Reason.
October 31, 2017
FaceID is Brilliant Because It’s Subtraction Instead of Addition
—

The iPhone X
I think one of the best ways to think about the advancement that FaceID represents is to realize that it’s removing an action instead of adding one.
True perfection is achieved not when you have nothing left to add, but when you have nothing left to take away. ~ Antoine de Saint-Exupery
FaceID is an upgrade not just because it’s more accurate than TouchID, or because it’s a faster way to authenticate—it’s an upgrade because you are basically removing the authentication step entirely.
A great way to visualize this point is to imagine a similar handheld device from a superior alien race. Assuming they needed such an interface or display at all, they would simply handle their device normally and it would still allow them to perform sensitive actions.
To an unfamiliar observer it might seem like no authentication took place, like one could just pick up any device and start taking sensitive actions on their behalf. But in reality all of that functionality had just been removed from the workflow and done automatically. It’s security made invisible and effortless.
That’s what FaceID is, and why it represents such an improvement: it adds security while removing friction.
That—even more than its accuracy or speed—is what makes it the future.
Notes
And before you say that Samsung did this a long time ago, keep in mind that it doesn’t count if you just add convenience but also remove security. That’s easy to do.
—
You can read and comment on the original piece at FaceID is Brilliant Because It’s Subtraction Instead of Addition.
To gain access to special content, consider becoming a subscriber.
Monthly: $5, $10, $25
One-time: $5, $10, $25
Thank you,
Daniel
Unsupervised Learning: No. 99
—
This is episode No. 99 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 30 minute summary. The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well…
This week’s topics: Information Warfare, AI vs. CAPTCHA, Google Bug Bug, DARPA Drone Swarms, USB Fail, Medical Extortion, tech news, human news, ideas, discovery, recommendations, aphorism, and more…
Listen and subscribe via…
Read below for this episode’s show notes & newsletter, and get previous editions…
Security news
Russia's information warfare campaign seems to have been far more effective than first thought. They evidently reached 126 million users on Facebook, published more than 131,000 tweets, and uploaded over 1,000 videos to YouTube. Link
A new AI based on the brain's visual cortex has massively wrecked CAPTCHA security, achieving a success rate of over 2 in 3 in many runs, including against reCAPTCHA. Link
A major bug was found in Google's bug database software that allowed a researcher to look at all bugs in the system. There's some controversy because he only received $15,500 for his findings, and many are saying it's worth far more than that. He points out at the end of the post, however, that it makes sense to have a lower payout since the bugs are ephemeral. Great bug and great writeup. Link
ISIS has been putting bombs on drones for a while now, and now Mexican drug cartels are doing the same thing. They're putting potato bombs on quadcopters. Link
DARPA wants US ground troops to be accompanied by swarms of small, flying or crawling robots in a project called OFFSET (Offensive Swarm-enabled Tactics Initiative). Well, we knew it was coming of course, but it's still surreal to read about it happening in realtime. Link
Someone found a USB drive full of details about London Heathrow's airport security, as well as travel details and protection plans for Queen Elizabeth II and other VIPs. Link
Twitter is banning ads from RT and Sputnik due to evidence that they are part of a concerted effort to increase social strife in the United States, especially related to Russia and the 2016 election. They will also begin labeling political ads. Link
It appears more and more companies are looking at AI for infosec help not necessarily because they think it'll work, but because there aren't enough trained humans to do the work. Link
Hackers broke into a high-profile plastic surgery clinic and stole tons of extremely sensitive images of VIP clients, including celebrities, royals, etc. Link
Technology news
Twitch seems to be winning the gaming streaming battle against Google. Their concurrent streamers grew 67% in Q3, as YouTube gaming declined. This is expected for me because platforms like this are very similar to social media platforms, and Google seems utterly incapable of making a good interface / community. Link
Uber now lets you make multiple stops on the way to your destination, both before you start and while en route. This is great news for many who realize they need to pick up something before they get where they're going. Link
Amazon now has over 540,000 employees, and net sales increased in Q3 from $32.7 billion to $43.7 billion. What a force. Link
Google's ad business is now larger than that of Facebook, Alibaba, Baidu, Twitter, Amazon, and Snap combined. Link
91% of payments in Australia are contactless, compared to 45% in the UK, and only 5% in the US. 5%? How embarrassing. Apple Pay seems to account for around 90% of the transactions in the markets where it's available. Link
IBM has simulated a 56-qubit quantum computer in a traditional architecture, and using only 4.5 terabytes of memory. Link
Human news
Millennials may be choosing brands that make them feel safe. Link
PayPal is now worth more than American Express. Link
AI has been used to find suicidal tendencies in brain scan data. Link
A new study has again indicated that high IQ is associated with various psychological disorders. Link
Walmart is expanding its in-store robot program, but is quick to assure people that they won't replace humans. Hilarious. Link
The top 20% of incomes pay 95% of taxes. Link
GE is moving away from the forced annual performance review model that it helped pioneer, and many other companies are doing the same. Link
Ideas
InfoSec Needs to Embrace Tech Instead of Ridiculing It Link
The New Luxury of Good Information Link
An Idea on How to Build a Conscious Machine Link
Maybe the Current Trend for Society is Fragmentation Link
On the Luxury of Abandoning a Nice Corporate Job for the Freedom of Freelancing Link
Do all predictions of the future collapse into these four themes? 1) Growth that keeps going, 2) Transformation upending the past, 3) Collapse of the present order, and 4) Discipline imposed. Link
Patreon continues to improve its tools for helping content creators grow and monetize their audiences. Another interesting player in that space is Memberful, which I use myself. I think we're basically witnessing a peer-to-peering of value creation and consumption. Link
Dungeons & Dragons is making a major comeback, and I think it's because role-playing games provide alternate meaning loops. As a life-long gamer myself I see the allure, but can't help but see it as a problem as well. It's possible to role-play as a creative outlet, which I think is good, but it's also possible to do as a substitute for succeeding in real life, and that's not good. Link
Discovery
On the Luxury of Abandoning a Nice Corporate Job for the Freedom of Freelancing
—
I think in the future these are the types of statements from rich people that are going to cause riots in the street.
I was just reading the post that this quote came from and I was having feelings. First, it’s a great post. Definitely valuable for anyone looking to up-level from just having a great corporate job into true career bliss.
Definitely admirable, and the author did a great job talking us through it.
But the whole time I was reading it I kept thinking of all these books I just read about the middle working class, who is essentially clawing their way through every single hour of every single day.
They’re working at Walmart. They’re driving Uber. They’re raising kids. They struggle to pay rent, to buy food, to pay for healthcare. And they’re trying to be parents at the same time. And that’s the bottom 2/3 or so (people disagree about the numbers) of everyone who works.
Imagine them on a midnight shift at Walmart, stocking shelves because the new robot that just arrived isn’t good enough at it yet, working 30 hours a week here on random days that don’t qualify for benefits by design. And imagine reading that working a job that axes your flow is not an option.
The axing of flow. As a priority. What an amazing life to have where this is your problem.
Anyway, then there are some who make decent money, but aren’t doing well really. They make 40-70K a year, or maybe 80K as a household. They’re struggling, but they’re getting by.
And then we have people like this author (and me too, I must say), who are so fucking blessed that we can say things like she says in this piece. More goodies like:
Leaving your job is scary enough. Quitting without a solid plan is even scarier. But damn, is it ever exhilarating.
Exhilarating. Leaving your nice corporate job. That pays more than probably 90% of all jobs in the country, where you probably do far less work.
When I hear it on its own I want to give her a high-five. Great job! Nicely done. Reclaim the soul, for sure.
But when I hear it in the context of the struggle that most people are facing, I can’t help but feel scorn. Scorn for her for being tone deaf, and scorn for the world for having this much disparity in the livelihood of people.
Her post should apply to everyone, not just the top 10% that it actually applies to.
The only real fault I see in what she wrote is that she seems unaware of her blessed state. It’s almost like she’s saying this to the world. Quit your job! It’s so much better. A bit challenging, but worth it!
News bulletin: very few people in the entire world work for fun, or find anything redeeming about work whatsoever. They do it for survival and nothing more.
I feel like the entire piece could be fixed by just saying—somewhere in the post—that she feels lucky to even have this option, because she knows most do not. Sweet. That’s all I needed to hear.
But as it stands it just sounds disconnected from the world, which I think is happening more and more. People live in their little tiny worlds and are unable to empathize with the plight of The Other.
Again, it was a great piece. I just couldn’t help but feel like she was disrespecting those who would do anything for the job she escaped from.
But that’s not her fault. That’s the world’s fault. That’s all of our fault.
October 30, 2017
It’s Not Bias When Artificial Intelligence Tells Us Something True and Uncomfortable
—

image by thinkstock
I think many are confused about bias in artificial intelligence.
I think what it should mean is when you present training data to an algorithm that doesn’t represent reality. So you thought you were telling the AI how the world really is, but for some sampling-related reason you fail to do that.
The result is poor predictive capabilities or some other negative effect.
What I think we could be seeing a lot of though, is situations where the algorithms are presented with accurate data about the world, but the analysis produced by the AI is offensive in some way.
This could come in a couple of forms that I can think of immediately:
The AI tells us something about reality that is uncomfortable.
The AI creates a stereotype of groups by surfacing options for “people like them”.
In the first case, analysis of larger and larger datasets is likely to reveal truth in an uncomfortable way, for example maybe saying that Asian women don’t often select black men as potential dates. This is reality of course, but in the polite and insulated world of common courtesy we like to believe everyone likes everyone else the same.
Big data analysis and AIs will peer through political correctness and show us things we don’t want to see or talk about.
In the second case, you might tell an AI that you’re a Trump supporter who didn’t go to college, and it might recommend a local gun shop or a NASCAR event. Or maybe a way to make money in a tough economy. And people might find that rude.
How dare they assume I’m struggling financially and like country music just because I voted for Trump?
Now imagine all the various ways this awkwardness could play out, for different ethnic groups, different socio-economic groups, education levels, etc.
Basically, we need to understand the difference between AI having bad training data in the sense that it doesn’t represent reality, vs. algorithms producing views of reality that make different groups unhappy.
There will be tremendous pressure to treat case 2 as case 1 for political reasons.
Oh, the algorithm was broken; we’re very sorry.
But in reality what the engineers and product teams might do is simply write a hard rule that removes a given analysis or recommendation, even though feeding more and more quality data about the world will yield the same results.
Another example might be an algorithm recommendation for women in Shanghai for a product that whitens their skin. If a PC group in San Francisco hears about this they’ll say the algorithm is biased towards white people, and against people of color.
But the truth might be that it was a great product match, because so many women exactly like her user want that product, and in fact she did too.
In short, algorithms aren’t biased for revealing a version of the world that we don’t want. They’re only biased if they fail to represent reality. We have to understand this distinction, and work to keep the line between these two situations as bright as possible.
And perhaps it’s ok to tweak algorithms to not produce results that could be offensive to anyone. That’s a product decision that people should be allowed to make. But I have a feeling that companies who lean strongly in this direction will face fierce competition from those who let unpleasant truth shine through.
I think the better algorithms get, and the more data they see, the more insightful and potentially awkward truths will be revealed to us.
We will simply have to acclimate to this reality as a waste product of machine learning.
The Difference Between Narcissism and Self-Esteem
—
Well this explains a lot.
Whereas self-esteem tends to be at its lowest in adolescence, and slowly increases throughout life, narcissism peaks in adolescence and gradually declines throughout the lifespan. Therefore, the development of narcissism and high self-esteem show the mirror image of each other throughout the course of human development.
Source: Narcissism and Self-Esteem Are Very Different – Scientific American Blog Network
I’ve always wondered why you shouldn’t trust someone who peaked in high school, and perhaps this is part of the reason.
Maybe the best people have high self-esteem, but low narcissism, and so anyone who was confident and happy in high school probably had the latter.
It would also explain why so many of them tend to be miserable later in life.
Thoughts?
The New Luxury of Having Good Information
—

art by Sarah Walker
There’s something of a trend right now to identify various things that only the rich seem capable of these days and calling those luxuries. Some examples include: boredom, creativity, caring about the environment, philanthropy, etc.
They’re things that, as it turns out, have a lot of prerequisites—most important among them being time and money.
It’s not easy to be bored and creative when you work multiple jobs trying to pay for food, shelter, and healthcare. And in that state of mind the environment isn’t likely near the top of the concern list. Now add to that all manner of things that come with free time and spending money.
So one way to see these things is as luxuries. Another way to see them is as major advantages. And I thought of another one.
Good information.
Everyone is talking about how bad our information sources are, and how it’s impossible to know what to believe and what not to believe. I get it. If you’re not educated, if you’re being bombarded with multiple attractive narratives that explain the hardship in your life, and if you have no way to detect deception—sure, that’s a problem.
But it’s not a problem for me, or for most people I spend time with.
Why? Because we went to college. Because we were taught about how media influences the world. We were taught about bias, and perspective, and nuance, and context, and all the common pitfalls of interpreting information. That doesn’t mean we’re immune to bias, but at least we know it’s there—both in what we read and in ourselves.
I think one big problem we have is too many top 10% types thinking everyone has the ability to tell good information from bad.
I don’t think most do. I think it’s probably very rare. I think to the majority of Americans, all the news and media looks the same. They can’t tell the difference between an expert and a con, a spin job and solid journalism, etc. So they do what makes sense to them and pick a source that resonates with their emotions.
So, just like philanthropy and activism and creativity—knowing the difference between good and bad information turns out to be an advantage for the rich. And not a minor one, either.
Being able to know what’s actually happening in the world vs. not—that’s foundational. If you’re misguided about how the world works then you’re less likely to get a good job, to raise your kids well, to live a healthy life, etc. It’s a near guarantee of hardship anywhere in a modern society.
I’m not sure of a solution yet, but I do know it’s giving me pause. It’s making me think a bit more before looking down on the idiot who can’t tell fact from fiction. They simply might not have the tools.


