Daniel Miessler's Blog, page 112

art by Sarah Walker

There’s something of a trend right now to identify various things that only the rich seem capable of these days and calling those luxuries. Some examples include: boredom, creativity, caring about the environment, philanthropy, etc.

They’re things that, as it turns out, have a lot of prerequisites—most important among them being time and money.

It’s not easy to be bored and creative when you work multiple jobs trying to pay for food, shelter, and healthcare. And in that state of mind the environment isn’t likely near the top of the concern list. Now add to that all manner of things that come with free time and spending money.

So one way to see these things is as luxuries. Another way to see them is as major advantages. And I thought of another one.

Good information.

Everyone is talking about how bad our information sources are, and how it’s impossible to know what to believe and what not to believe. I get it. If you’re not educated, if you’re being bombarded with multiple attractive narratives that explain the hardship in your life, and if you have no way to detect deception—sure, that’s a problem.

But it’s not a problem for me, or for most people I spend time with.

Why? Because we went to college. Because we were taught about how media influences the world. We were taught about bias, and perspective, and nuance, and context, and all the common pitfalls of interpreting information. That doesn’t mean we’re immune to bias, but at least we know it’s there—both in what we read and in ourselves.

I think one big problem we have is too many top 10% types thinking everyone has the ability to tell good information from bad.

I don’t most do. I think it’s probably very rare. I think to the majority of Americans, all the news and media looks the same. They can’t tell the difference between an expert and a con, a spin job and solid journalism, etc. So they do what makes sense to them and pick a source that resonates with their emotions.

So, just like philanthropy and activism and creativity—knowing the difference between good and bad information turns out to be an advantage for the rich. And not a minor one, either.

Being able to know what’s actually happening in the world vs. not—that’s foundational. If you’re misguided about how the world works then you’re less likely to get a good job, to raise your kids well, to live a healthy life, etc. It’s a near guarantee of hardship anywhere in a modern society.

I’m not sure of a solution yet, but I do know it’s giving me pause. It’s making me think a bit more before looking down on the idiot who can’t tell fact from fiction. They simply might not have the tools.

—

Original post: The New Luxury of Good Information.

I spend 5-20 hours a week collecting and curating content for the site. If you're the generous type and can easily indulge in fancy coffee, please consider becoming a supporter.

Monthly:  $5, $10, $25

One-time:  $5, $10, $25

Thank you,

Daniel

masscan run with no parameters

Basics
Background
Installation
Single-port Scans
Multi-port Scans
Scan Top Ports

Options
Scanning Fast
Excluding Hosts
Saving Your Configuration
Output
Nmap Functionality

Quickstart
Finding Web Ports on a Network
Finding All Ports on Network
Finding the Top 10 Ports on a Network
Scan the Whole Internet for a Port
Scan the Whole Internet for a All Ports

Basics

Everyone knows nmap as the rightful king of the port scanners, and it still remains the most versatile option today. But for pure speed there have some that have surpassed it, including scanrand, unicornscan, zmap, and now masscan.

Asynchronous transmission means the scanner doesn’t have to wait for replies before sending out probes.

masscan was created for the sole purpose of scanning the entire internet as fast as possible, according to its author Robert Graham, this can be done in less than 6 minutes at around 10 million packets per second.

In this short tutorial we’re going to learn the basics and provide some real-world examples.

If you just need syntax to run with you can jump ahead to the Quickstart.

Installation

Installing masscan is fairly straightforward whether you’re using Linux or macOS.

This will install the binary under bin/masscan; you’ll have to move it to run it from somewhere else.

# Install on Debian/Ubuntu

$ sudo apt-get install clang git gcc make libpcap-dev

$ git clone https://github.com/robertdavidgraham/...

$ cd masscan

$ make

brew is the main command for Homebrew, which you can get here.

# Install on macOS

$ brew install masscan

Single-port Scans

Many people use masscan to scan very large networks (such as the internet) on one or just a few ports.

masscan has been designed to work much like nmap, which makes it instantly approachable for thousands of security professionals and enthusiasts.

# Scan a class B subnet for port 443

$ masscan 10.11.0.0/16 -p443

Multi-port Scans

You can also scan multiple ports using a comma as a separator.

# Scan a class B subnet for port 80 or 443

$ masscan 10.11.0.0/16 -p80,443

Scan a Range of Ports

Or you can scan a range of ports using the dash.

# Scan a class B subnet for ports 22 through 25

$ masscan 10.11.0.0/16 -p22-25

Scan n Number of nmap‘s Top Ports

In addition you can use nmap’s ‐‐top-ports option, which lets you specify the top n number of the most common ports to scan. So if you give it ‐‐top-ports 100 it’ll scan the top 100 most common ports discovered according to nmap.

If you don’t have the ‐‐top-ports option available to you, make sure you have the latest version of masscan.

# Scan a class B subnet for the top 100 ports

$ masscan 10.11.0.0/16 ‐‐top-ports 100

Options

The default masscan options

You can check masscan’s options with the ‐‐echo switch.

Now that we’ve covered some basics, let’s look at some additional tweaks we can make.

Scanning Fast

Using the settings above you’ll definitely get results, but the speed will be quite average. As discussed already, the whole point of masscan is to be quick, so let’s speed it up.

By default, masscan scans at a rate of 100 packets per second, which is quite slow. To increase that, simply supply the -rate option and specify a value.

# Scan a class B subnet for the top 100 ports at 100,000 packets per second

$ masscan 10.11.0.0/16 ‐‐top-ports 100 -rate 100000

Scanning this fast (or even slower) is likely to cause all sorts of problems, including getting your system blocked on the internet, getting abuse complaints to your hosting provider, etc. Don’t just start scanning large networks without setting groundwork first.

How fast you can scan is going to depend on a lot of factors, including your operating system (Linux scan scan far faster than Windows), the resources of your system, and—most importantly—your bandwidth. In order to scan very large networks at high speeds you’ll need to use rates of a million or more (-rate 1000000).

Excluding Targets

Because much of the internet can react poorly to being scanned—and also just out of sheer courtesy—you may want or need to exclude some targets from your scans. To do this, provide the --excludefile switch along with the name of the file that includes lists of ranges to avoid.

# Scan a class B subnet, but avoid the ranges in exclude.txt

$ masscan 10.11.0.0/16 ‐‐top-ports 100 ‐‐excludefile exclude.txt

This will produce the notification at the top of your scan that:

exclude.txt: excluding 1 range from file

Saving Your Configuration

As we mentioned earlier, you can show the current masscan options using --echo, but you can also save them to a file using the standard method.

# Scan a class B subnet, but avoid the ranges in exclude.txt

$ masscan 10.11.0.0/16 ‐‐top-ports 100 ‐‐echo > scan.txt

Output

First, you can just use the standard Unix redirector to send output to a file:

$ masscan 10.11.0.0/16 ‐‐top-ports 100 > results.txt

But in addition to that you also have the following output options:

-oX filename: Output to filename in XML.
-oG filename: Output to filename in Grepable format.
-oJ filename: Output to filename in JSON format.

Nmap Functionality

As mentioned initially, masscan is built to work much like nmap, which makes it familiar to many security people. Here are some of the other nmap-like options that are available:

You can see the nmap-like functionality by passing the --nmap switch.

-iL filename: Read inputs from a file.
‐‐exclude filename: Exclude a network on the command line.
‐‐excludefile: Exclude networks from a file.
-S: Spoof source IP.
-v interface: Verbose output.
-vv interface: Very verbose output.
-e interface: Use specified interface.
-e interface: Use specified interface.

Quickstart

Ok, here are some quick and functional scan examples that you can start with and then tweak to your taste and requirements.

We’re assuming here that you want to scan quickly.

Scan a Network for Web Ports

$ masscan 10.11.0.0/16 -p80,443,8080 -rate 1000000

Scan a Network for the Top 10 Ports

$ masscan 10.11.0.0/16 ‐‐top-ten -rate 1000000

Scan a Network for All Ports

$ masscan 10.11.0.0/16 -p0-65535 -rate 1000000

Scan The Internet for A Port

We’ve increased the speed to 10 million per second, which will max you out.

$ masscan 0.0.0.0/0 -p443 -rate 10000000

Scan The Internet for All Ports

In general you should expect bad and/or amazing things to happen if you try this.

$ masscan 0.0.0.0/0 -p0-65535 -rate 10000000

Summary

There are other options available that you can get from following the readme.md for the source code repository, but this primer should get you up and running nicely.

Happy (speed) scanning!

Notes


There are number of defaults that are enabled with masscan that need to be defined with nmap simply because the scanners work in different ways. For example, masscan always treats all hosts as online, scans are always randomized, it’s a SYN-based scan, it never does DNS resolution, and scans are performed using raw libpcap.
One thing that’s fairly unique to masscan is that you can easily pause and resume scans. When you press ctrl-c a file is created called paused.conf that has all the settings and progress from the scan. You can resume that scan with ‐‐resume paused.conf.
The project readme.

—

Original post: A Masscan Tutorial and Primer.

I spend 5-20 hours a week collecting and curating content for the site. If you're the generous type and can easily indulge in fancy coffee, please consider becoming a supporter.

Monthly:  $5, $10, $25

One-time:  $5, $10, $25

Thank you,

Daniel

Many of you have commented throughout the years about the site not having comments.

The reason I removed them is because spam was a major hassle to manage, and there didn’t seem to be enough value to make it worth it.

But both my regular readers and newcomers continue to wish that they could say something right on the site instead of somewhere else, so I’m going to try again—this time using Facebook Comments.

I chose Facebook Comments for a few reasons:

Everyone (most people) use Facebook, so it’s familiar and intuitive.
Facebook deals with spam probably as much as anyone, so they’re probably pretty good at it.
It has a clean look and feel on the site that doesn’t detract too much.

So comments are now active. You can find them at the bottom of ever post and page.

If you have any…um, comments on this change, be sure to…opine below.

Thanks for reading.

—

I spend 5-20 hours a week collecting and curating content for the site. If you're the generous type and can easily indulge in fancy coffee, please consider becoming a supporter.

Monthly:  $5, $10, $25

One-time:  $5, $10, $25

Thank you,

Daniel

I’ve been consuming a lot of content about AI lately. I’m reading What to Think About Machines That Think, which is a compilation of tons of expert opinions on the topic, and I’ve also read a few other books and follow the a16z and Waking Up podcast where it’s a frequent topic. These inputs don’t make me an expert by any interpretation—I’m just someone with an interest who’s read some things.

That aside, I think I might have an interesting idea for how to build a conscious machine.

If you follow the AI space at all, you know that consciousness is a big deal, and also that it’s quite separate from human-level intelligence or super-intelligence. These are all distinct things according to most.

The issue of super-intelligence is far beyond my ability to even poke a stick at, although I think that it’s a bit more understood as a complexity problem, and, thus, inevitable.

Conscious machines is what really gets me excited. How would you go about making them conscious? Would it be conscious in a different way than we are, similar to how machines are intelligent in different ways than us?

And these questions, of course, first require to even understand how and why we are conscious, so step 0 is still out of our reach.

But I have an idea, which starts with explaining why I think we evolved consciousness. A few years back I wrote a short piece called An Evolutionary Explanation for Free Will.

Essentially, we became conscious as a side effect of evolving the sensation of free will, responsibility, and blame and praise. These together allowed societies to form, grow, and prosper, and once humans had these things—or perhaps in order to get them—we developed the idea that we were the authors of actions and our experience of the world became what we now call conscious.

This of course required the necessary hardware, sufficient complexity, etc., but the main component was the concept of praise, blame, responsibility, and the notion that we were the original cause of the action. As Daniel Dennett writes, “It’s a bag of tricks.”

So that’s my explanation for how we gained consciousness. Now on to the task of creating it in machines.

Remember that I’m a security consultant, not an AI researcher. I am not claiming expertise here.

I wrote another piece more recently about what it will take to make human-like computers, called My Current Predictions For Thinking Machines. There I argued that it’s not about intelligence, or consciousness, but instead all about goals. In Desire is the Center of Humanity, I made this exact case, and pointed out that having and satisfying strong desires is the center of human happiness.

Now let’s add what just happened with Alpha Go Zero. I’m sure you remember that Alpha Go was the computer that beat the best human Go player. It ran on like 140 Google CPUs and had hundreds of hours of training by human Go players.

Alpha Go Zero is the new version of Alpha Go, and it runs on 4 processors instead of 140. It beat its predecessors in just 3 days, which was impressive, but the mind-blowing part is that it didn’t learn anything from humans. It taught itself by playing itself.

Reinforcement Learning is a subset of Machine Learning, where agents take actions within an environment to attempt to maximize reward, and that’s what Alpha Go Zero used to improve. Winning was the reward, and it was able to keep trying combinations to improve.

Now combine this with Evolutionary Algorithms, which are algorithms that model evolution in creating randomly modified variants that are then tested for success against a given criteria.

That’s quite a stack of blocks we’ve just assembled. Let’s review:

Humans attained consciousness as a side effect (or prerequisite?) of gaining the responsibility capability, which allowed them to thrive in complex societies.
Desires and goals are the most fundamental component of humanity, with evolution supplying ours as survival and reproduction.
Once you have goals you can use Reinforcement Learning to try to achieve them.
You can potentially use Evolutionary Algorithms to try many different ways of achieving better outcomes, i.e., further maximizing your reward.

So that brings us to the idea.

I think we can build conscious machines by supplying the goal of maximizing the effectiveness of a large society of agents, and letting the system evolve it the same way it did with us.

Basically, conscious agents are so good at following rules and creating orderly societies that we should expect an evolutionary algorithm to stumble upon the same solution multiple times.

So we create a massive number of agents, put them into societies, and give the goal of having those societies achieve better things than their competitors.

If sufficient experimentation is allowed, and there are sufficient resources to run these experiments, I believe that the system will stumble on the same thing that evolution did—which is agents that have a sense of responsibility, blame, and as a result—internal experience.

In short, reproduce the environment that we developed consciousness, line up the goals and incentives in the same way, and let the combination of Reinforcement Learning and Evolutionary Algorithms do their thing.

It might not build the same consciousness we have (and probably won’t), but I don’t see any more direct path to accomplishing the task.

I would love for someone with formal training in the field to tell me the different ways I’m wrong—or potentially on to something.

Notes


As I was writing this, and listening to part of the book mentioned above, I realized that complexity and time might be an insurmountable constraint. It’s not helpful, for example, to say that we could recreate consciousness if we could recreate Earth. Sure, but what does that get you? I do think that we could potentially do this at a much smaller scale with far fewer variables, but that’s where ideas reach their limitation and you start to need true expertise in the field to explore and validate.

—

If you enjoy or get value from the content, please consider helping to support it through membership.

Membership ($10/month)
Membership ($100/year)

Thank you,

Daniel

[image error]

an amazon key delivery

Amazon just announced a new service called Amazon Key where you can install an approved electronic lock and give the Amazon delivery person a one-time use code to put your package inside your door.

Listen to the audio version of this essay.

The responses are witty, humorous, and predictable.

Amazon Key = Nope

— Matt Speed (@MatttSpeed) October 25, 2017

Amazon Key asks you if you would—
Nope.

— Adam J. P. (@adamjasonp) October 25, 2017

That whole Amazon Key thing. Yeah, nope.

— Merry (@AmeryMerry) October 25, 2017

And that’s just from the regular public. My InfoSec family has reacted with its characteristic and more visceral, “Not just no but hell no.” response, and it’s given me the opportunity to comment on something that’s bothered me for a while.

I get that security people are supposed to be cautious. I get that we’re supposed to be weary of risk. But I worry that the community as a whole enjoys saying “no” a bit too much. It’s a curmudgeon fetish.

Making fun of new internet-connected technology is a shibboleth for the infosec in-crowd.

I think the community could benefit from some perspective on this topic, which I tried to capture in Comments on Internet Security from 2076. Here a professor from the future describes the flaw in our thinking at the time.

I mean, the mid-1990s was the most transformative period in human history. We know that now. We get that now. But back then the security experts of the time just saw the technology as unfixable. And they spent all this time “online” together to complain about how dangerous everything was, and how it was all going to hell, how it was completely hopeless. (laughs)

It’s coming. All of it. And nothing we in security or anywhere else can say or do will stop that. Functionality beats security every time. Major safety incidents will slow things down, but not for long.

Trying to stop the internet-connected everything is no different than trying to stop mass adoption of cars, or computers, or smartphones.

As security people we should be the ones telling everyone it’ll be ok. We should be giving the perspective of the professor in 2076. Yes, there are thousands of companies doing heroically stupid things with devices on the internet. And yes, it will cause major problems from time to time. But 30 years from now it’ll just be another revolution that changed humanity, just like the ones before it.

The panicked reaction to this rapid change should be expected by the public, but InfoSec should have more knowledge of history than that. More context. More calmness of mind.

The people need our help making all this insecure garbage work for them, and help making it better. They are demanding the functionality and they will get it, so let’s stop being the doctor who cries when they tell us where it hurts.

Someone needs to be strong about this—to have the vision to see the other side of the chaos—and that’s going to have to be us.

Besides, as everyone in InfoSec knows, your front door isn’t secure anyway. Not by a long shot.

Common door locks are wet paper towels that disolve under the slightest scrutiny. Somebody show me a threat model where this Amazon system is used to bypass an electronic lock that doesn’t also find that it’s much easier to just break a window or pick the lock.

Door locks have not improved much past napkin-level because they haven’t needed to. The people who are supposed to stay out generally do, and the people who want to get in without invitation generally can. Amazon Key does not change this calculus.

So enough with the curmudgeonry. This shit is happening. Full speed. No stops.

Like it or not, we are the shepherds in this mess. And it’s time to start acting like it instead of running in fear with the sheep.

Notes


And no, that doesn’t mean I (or anyone else) should be installing every nuclear stupid device out there. It means that, as a group, we should embrace and work to secure this change rather than displaying the same fear as the public and rejecting it. Because it’s inevitable.
Thanks to my anonymous friend for coaxing me into writing this. I wonder if there are others who might share the opinion but be too afraid of backlash to voice it. At 20 years in I have little such fear of conversation with my colleagues.

—

If you enjoy or get value from the content, please consider helping to support it through membership.

Membership ($10/month)
Membership ($100/year)

Thank you,

Daniel

One of the most exciting things that the combination of the Internet of Things and AI will bring us is the concept of a life management and visualization system, or a Life Dashboard.

Location tracking in Gyroscope

Imagine as a head of household being able to define your family’s goals for education, savings, investments, diet, exercise, media consumption, travel and vacations, etc., and tracking progress towards those goals in a realtime and visual way. That’s what Life Dashboards will be.

The Internet of Things and artificial intelligence are the technologies that will make this possible for the following reasons:

The Internet of Things will enable us to capture data about virtually every facet of our lives and collect that data into a stream of events that can be processed. These will come from wearables, from our homes, the vehicles we use to travel, our work, and any other system that captures data about us.
Artificial Intelligence will then be able to look at that stream of events and recommend actions for you to take, e.g., you should eat this meal to supplement your diet, or because it knows you’ll enjoy it, or you should watch this show or make this investment because so many of your other friends have done the same and have given positive reviews.

I talked about Desired Outcome Management in my book The Real Internet of Things.

Image from Gyroscope

The key concept is that you will tell the system what you’re trying to achieve, and it will then build you a plan for achieving those goals based on everything it knows about what works and what doesn’t work for people like you.

These recommendations will be powered by machine learning that predicts outcomes based on vast quantities of similar data, e.g., which shows you’ll like, which investments you’ll see as smart, how best to educate your kids, what place to take your family to for dinner in town, etc.

And then, on any given day or any given weekend, the family will be able to look at the Life Dashboard and see how they’re doing.

Are they getting enough exercise?
Are we investing enough in our future?
Are we overdue for a vacation?
Is there a show that my closest friends with families absolutely recommends we watch?
Is there a book that I should read to prepare for an upcoming work event?

Eventually the system will be advanced enough to always have a recommendation for you, about whatever it is that you need. What vacation should I choose? It knows because it knows what your most similar friends did and liked, combined with all the reviews about the place. Same for where to invest $5,000 dollars, what to watch for entertainment tonight with the family, what exercise to try to break up the monotony, etc.

People who react viscerally to this with statements like, “I would never want my life managed in this way by a computer.”, would probably also say the same thing in 1980 about a smartphone or a digital calendar. It’s scary because it’s new, but the pure value that it brings will quickly squelch the objections.

The reason this type of system will be so popular—not just for complete life management but for smaller areas like fitness as well—is that it’s hard to define goals and stay on task with them.

The idea for a Life Dashboard is that it becomes your permanent wallpaper, your permanent screensaver, your ever-present reminder of what those goals are and how you’re doing against them.

And not only do you see how you’re doing against your own goals, but you also see the next action you should take right now to make progress.

It’s a bit strange to think about right now, but I can promise you it’s coming and that it’ll be a revolutionary way of managing life goals and outcomes.

Notes


The images in this post are all from Gyroscope, an app that’s working on a smaller vision of this currently. The piece that it’s missing is true life management and recommendations. It’s mostly just the visualization at this point.

—

If you enjoy or get value from the content, please consider helping to support it through membership.

Membership ($10/month)
Membership ($100/year)

Thank you,

Daniel

This is episode No. 98 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 30 minute summary. The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well…

This week’s topics: The Reaper botnet, Google Advanced Email Protection, Bitcoin Over $6,000, Duo’s $70 million, Dubai going to facial recognition, tech news, human news, ideas, discovery, recommendations, aphorism, and more…

Listen and subscribe via…

Read below for this episode’s show notes & newsletter, and get previous editions…

InfoSec news 





IOTROOP (also called Reaper) is an growing botnet that’s already infected over 1 million organizations, according to Check Point. It’s using similar techniques to Mirai, but it’s far more advanced. Like Mirai it’s using default credentials to attack systems, but it’s also using exploits to attack as well. The researchers think it might be spinning up for a major DDoS attack. Link



Google launched Advanced Protection for Google Apps email last week. It basically does a nuclear lockdown on email security for an organization that’s really worried about getting hacked. They have all sorts of protections in there that can be a bit unforgiving, so it’s not for casual use. Things like requiring a USB key or bluetooth dongle for access to your account, stricter malware scanning on the backend, etc. Link



Bitcoin just topped $6,000, and now websites are commandeering visitors’ browsers to make them mine for them. There’s a package called Coin-Hive that starts mining as soon as you visit a site. Many sites have put it there on purpose, and others have been hacked and had the code placed there by attackers. Link



Windows 10 is adding game cheating prevention to TruePlay in the fall Creator’s Update. It’ll let you prioritize a game as a protected process, which will disable some of the common ways cheats interact with the game. Link



Google Play apps with as many as 2.6 million downloads added installed devices to a botnet. Link



Duo just raised $70 million in a Series D. Link



Dubai is moving to replace ID checks with a facial recognition tunnel. Link





Technology news 





The version of Alpha Go that defeated humanity’s best Go player just lost to a new version of itself that has never been trained by humans. It taught itself how to play. Awesome used to mean a combination of scary and amazing. That’s what this is: awesome. Link



Big banks are embracing blockchain, and are now starting to roll it out as a means of speeding up money transfers from days to hours (and hopefully to minutes or seconds before too long). It’s also going to help them immediately with cross-border transfers. This is a big deal. It’s like the British Army deciding to use guerrilla tactics. Link



Tesla is pushing its new insurance plan, called InsureMyTesla, which gives you cheaper rates because of Autopilot. Link



Magic Leap has raised another half a billion dollars, bringing the total amount to around $2 billion. I hope whatever they end up making is going to be as good as anticipated. Link



Alphabet has invested $1 billion in Lyft. Link





Human news 





Johns Hopkins scientists find that the Dual N-Back brain training regimen is the best system discovered so far for improving mental performance. Link



Due to weight and fitness, misconduct, medical issues, mental health problems, and substance abuse concerns, 71% of 17 to 24-year-old Americans are unfit for military service. Link



Experts are blaming the food industry for saying that exercise is a solution to obesity, likening it to the cover-up regarding the dangers of smoking. Many scientists are now saying that losing weight has very little to do with exercise, and that reducing food intake is the way to go. Link



Nearly half of U.S. medical care comes from emergency rooms. Unbelievable. Link



Stockton, CA is spending $1 million to try a basic income experiment. Link



There’s a growing number of scientists who are seeing sugar more like a toxin than a food, and they’re essentially saying that it invalidates the old concept of calorie in / calorie out that we’ve been sold for decades. Link



Researchers look at why you can focus in a loud coffee shop but not in an open plan office. Basically, if you’re not listening to the noise and it’s at a certain level, it produces creative distraction. And if it goes above or below a certain volume, or you care about what the other people are saying, it does the opposite. Link



Many doctors are now saying exercise, especially Yoga, is better for back pain than pills or surgery. Link



Researchers say Tinder is showing us that men look for beauty in a mate while women look for intelligence, career prospects, and stability. Link



Another story on the depression chatbot I wrote about last week. It’s called Woebot. Link





Ideas 





Personal Sensors Are the Next Breakthrough in Consumer Electronics Link



Beware of Alternate Meaning Loops Link



On the Effects of Shaming Sexual Harassers in Hollywood and Tech Link



How I Would Build My Life If I Could Engineer It From Scratch Link



Why I Call Myself an Atheist Instead of an Agnostic Link



Why I Identify as a Feminist Link



This kind of improvement speed we’re seeing with Alpha Go Zero is all fun and games until it isn’t. We really need some monitoring placed on AI development before we innovate ourselves out of existence. There are lots of things that need to happen before that would be possible, but the point is that the jumps happen quickly, and we might not know what’s happened until it’s too late. 



China is about to pass everyone in terms of new infrastructure, green tech, renewable energy, electric cars, etc. They basically just decided that there was an opportunity to become a world leader on all these things, while everyone else is paralyzed or distracted, and it’s frightening what they’re about to accomplish. We’re going to be left with old bridges, gas cars, ailing roads, and they’re going to be one of the only countries in the 21st century. All because they can simply turn it into a leadership issue internally and unanimously decided to do it. 





Discovery 





How to track an individual’s physical location using less than $1,000 in online ads. Yet another reason to use an ad blocker. Link



Cambridge Analytica is the data analytics company that supposedly helped Trump get elected. They evidently had so much good data on everyone that they knew exactly which buttons would be effective to push. You can request the data that they have on you by mailing them here. Link



It’s easier than ever to create working keys from images. Link



An article on replacing Mailchimp with Amazon SES + Mailwizz. Link



IPFS — The Interplanetary File System Link

 

image from blade runner

I’m reading about the situation in Spain, where we’re basically talking about secession.

We had Brexit.

Now we have the U.S. being torn apart from within by Trump, Russia, and its various internal factions.

I wonder if there isn’t a clear overall trend here, which is something like:

Income disparity and limited resources cause tension.
High immigration in Europe, the U.S., and Canada mean the groups there fail to blend in with the country and those populations of Asians, Africans, Eastern Europeans, Hispanics, etc., become extensions of the mother country instead of immigrants integrating into a whole.
As Europe, the U.S., and Canada become more self-conscious about its colonial past, they become even less inclined to talk about any central identity for those countries, because central identity to them reeks of facsism. So they take the easy road of letting everyone just be themselves.

Add up these three numbers and the sum is easily predictable. Fragmentation. Balkanization. Strife.

The question is, how do the groups break up? What are the partitions? I think the answer is two-fold: race and money.

Races will band together because it’s the most primitive of bonds. And then the rich will also band together because they’ll largely share a worldview and won’t really be able to communicate with the proletariat.

Governments will largely fail because they require national identity to be powerful, which leaves us with corporations as power centers.

Now add in the fact that corporations will largely be laying people off and moving to a contractor and gig-based economy, and you have a very strange future indeed.

I’m not a professional historian, or social scientist, so maybe I’m missing something major here. This is just speculation based on reading a lot of books and thinking a lot.

Would love to hear other factors and interpretations.

—

If you enjoy or get value from the content, please consider helping to support it through membership.

Membership ($10/month)
Membership ($100/year)

Thank you,

Daniel

As I write about in the philosophy of Westworld, life is really about meaning loops.

Everybody has them.

For some people it’s raising kids and being a good parent. For others it’s about becoming famous for their work. Others want to make some sort of impact on the world. Different people want to be revered or feared, respected or admired.

But whatever that thing is, that thing that you’re pursuing, it is the framework that evolution is using to inspire you to improve. Evolution needs this because it wants (not really) to have the best possible outcomes, so it figures out what the game is in any particular context, and then makes winning that game the shiniest thing possible.

This is why someone can hate country music and big trucks, but if they move to south Florida in their early 20’s they’ll probably soon like them. Evolution makes us like, and want to be successful within, the culture that surrounds us. So we quickly take on the preferences of those around us so that we can be a successful competitor in that environment.

The thing is, I think human brains are set up to have one meaning loop at a time.

Many years back I wrote about the potential dangers of role-playing, where I talked about this exact thing but without collapsing it down to an evolutionary pressure.

My takeaway was that you can’t maintain two striving contexts simultaneously, and that role-playing is extremely good at recreating entire realities—and thus striving contexts as well. So you basically have to decide which context you care about and go all-in with it. That’s the only way to keep your brain happy.

Switching contexts is really hard, which is why a lot of my role-playing friends say they experience depression when a major campaign ends. It’s because it causes their brain to struggle for a meaning infrastructure, and until you find the next one you can’t be happy.

Of course, this is also why people are depressed in general—not having such a structure.

And of course that’s why role-playing is so attractive to many: it provides a way to achieve greatly within a fully-contained infrastructure and thus receive the pleasure rewards that evolution grants us when we succeed.

Think about that.

Role-playing, and other types of immersive games, are basically tricking evolution into thinking that we’re successful so that evolution (through the brain) will give us pleasurable feelings of achievement.

Seems kind of pathetic when you put it that way.

Basically, evolution normally reserves this sort of pleasure for people who crush their enemies and protect their families and do all sorts of real survival stuff in the face of mortal danger.

But it’s now possible to play games that are so good that it tricks our brains into thinking we did the same things, and thus deserve the same rewards. It’s a clean way of seeing why people like to game.

Anyway, the point here is that evolution forces our brains to tune to an environment, figures out what would get us reproductive success in that setting, and then rewards us for achieving those things.

And it can only tune to one environment at a time.

So if you’re a career person, or a parent, or an avid role-player, and you’re trying to do all these things at the same time, they might compete for being your primary meaning infrastructure.

Being a career person and a great parent often doesn’t compete (for men) because they see their career as helping their children. For women it’s harder because they feel that the kids lose more by them not being there.

I think people who have the clearest, single-focused infrastructures are the people who are the happiest because the rules are most visible, the brain knows what to do to win, and it rewards you when you hit certain milestones. Just like back when we were competing with animals and weather to survive.

So try not to mix your meaning loops. The human mind isn’t good at it.

—

If you enjoy or get value from the content, please consider helping to support it through membership.

Membership ($10/month)
Membership ($100/year)

Thank you,

Daniel

The movement happening right now regarding sexual harassment in Hollywood is pushing my emotions around.

First we had Weinsein get called out for what must have been decades of behavior that was simply unbelievable. Then we had multiple male friends, including people like Clooney and Tarantino, come out and say that the feel horrible because they should have done more to oppose him.

And now in tech it’s coming out that our own Robert Scoble, a fixture in the IT industry for many years, also has sexual harassment in his past. I just read his apology on Facebook a few moments ago.

I find the whole thing to be extremely cathartic. Not because it’s fixing issues for a few offenders that we’re hearing about, and giving voices to their many victims, but because it’s probably putting the fear of God into the thousands of other offenders who are just the same.

There are, right now, so many men in various positions of power who are thinking back to all the times they were inappropriate, thinking about their victims, and wondering if they’re going to be the next person being called before the public to be judged.

I think it’s beautiful.

It’s like we’ve crossed some sort of threshold with technology that it’s possible to be heard now, as a victim, and to have other peoples’ voices added to your own, in a way that gives you the courage to say something.

And would-be assailants are now hearing this message. It’s like everyone now has a force field around them preventing abuse. And the force field is technology. It’s the ability to combine voices with others to surface someone’s wrong-doings, and to do unbelievable damage to them as a result.

Of course this will be abused, but the backlash against false accusations will be just as harsh. The true power of these accusations comes from corroborating numbers. When someone is this horrible in their behavior it’s so often just part of their character and likely to happen wherever they go. So for each person like this there are likely many people who have been affected but have never said anything.

There used to be so much pressure not to—that’s the thing. There was insulation. There was protection for the perpetrator. And the more powerful the man, and the more selective the industry, the more defense there was.

And now it seems that’s being dismantled to some degree.

The women won’t be as silent. The male friends of the perpetrator won’t look the other way as much. And collectively, as a group, we openly look down on people who abuse power in this way.

It’s major, this movement. In so many ways.

I’m really looking forward to a tech industry (I’m not in Hollywood) where this type of thing can’t happen nearly as easily, where perpetrators have to consider with every incident whether it will eventually come back around and be part of their exposure story.

I like there’s now something for them to worry about.

Support

If you enjoy or get value from the content, please consider helping to support it through membership.

Membership ($10/month)
Membership ($100/year)

Thank you,

Daniel