Daniel Miessler's Blog, page 121

June 22, 2017

This Universe’s Final Problem



Once we’re able to decipher our minds, our memories, and everything that makes us unique as individuals, we’ll be able to transfer our minds into digital form.



This will basically make us immortal, and I think the next stage is to share knowledge among all of us that are digital.



Once we’re all sharing common knowledge, I don’t see why we will be considered individuals anymore. I think there will be some vestiges that remain for a while, as a matter of tradition, or of respect for what we used to be, but it seems like we’d evolve out of that as well and inevitably end up at a single post-human life form.



The interesting part is that I think most civilizations will do the same. I think it’s a matter of stages of development.



These stages map to challenges. At first the challenge is to be created at all, from the primordial soup. Then it’s to evolve. Then it’s to beat out your animal competitors. Then it’s to avoid being destroyed by disease. Then there are meteors. Then you have to not destroy yourself with nuclear and biological warfare.



So now, as a civilization, you’ve made it to say level 6 or so. The next level is to not get eradicated by an aggressive superintelligence before you merge with it.



But let’s say you get there. You’ve created super intelligence, you’ve evolved your humanity to merge with it, and now you’re just one superintelligent being with all the knowledge and experiences of the human race.



On earth, let’s call ours Huma.



So we’re on earth, we’ve probably explored the solar system and maybe even populated it decently well with other extensions of ourselves.



But our next problem is non-trivial to solve. The Sun is going to burn out, and it’s going to destroy the earth. That means no more energy. That means death.



So we have to find another star. We have to find another home. We have to find more energy.



This is the true essence of life: the struggle to overcome, to be victorious, to survive, and to expand. It’s the same with battling against other animals in the African plains as it is looking to find another star before ours burns out.



I think we can assume that the universe is full of civilizations on this path. Single, super intelligent entities that have the history of their evolution within them, who are conquering the next challenge. That challenge is likely to be finding good planets with good stars, and planning for the future.



The most advanced of them, perhaps together with thousands or millions of others, will be working on the final challenge. The final challenge of course is avoiding the Heat Death of the universe, and it’s the hardest problem in the world.



I imagine a federation of superintelligences, representing millions of civilizations, each with billions of years of evolution, roaming around the universe trying to solve the Final Problem.



A few of them have decided to unite and become part of Uni, which is the combined super intelligence that has all the experiences of all joined civilizations. Many more will join, but only after they are comfortable enough with their own identities that they’re willing to absorb them into a greater whole.



Notes


I could see writing some fiction in this universe, where some civilizations are part of Uni, some are close to it, but then there are many that are just starting. Some are mid-level and they prey on the early ones, so when early-tech life forms send out SETI signals, two types of groups respond: the ones going to destroy and pillage them, and the defenders who go to prevent that from happening.
I’d love to read a series based on the Early Tech Defense Force (ETDF) that responds to SETI signals like fire calls and immediately goes to protect them from pillagers.

__


I do a weekly show called Unsupervised Learning, where I curate the most interesting stories in infosec, technology, and humans, and talk about why they matter. You can subscribe here.




Published on June 22, 2017 18:05

4 Things the Far Left Are Doing to Drive Moderates to the Right



Liberalism in the United States is in the middle of a slow motion suicide by poison. We’re watching the unscrewing of the lid, the last looks about the room, and the multiple sips from the vial. Except we’re seeing it happen at one frame per month with no ability to stop the film.



The far left has effectively blacklisted the thinking or voicing of certain opinions, simultaneously pushed a series of regressive and ridiculous narratives, and then proceeded to witch-hunt at the individual and media levels using outrage porn as its primary weapon.



The effect is slow destruction of the original progressive agenda, with more and more liberals being forced to leap from the hijacked bus. Even worse, though, is that it’s creating a gap in ideology between the extreme left and the extreme right. And the gap continues to grow in both breadth and depth.



We’re approaching a moment where we have just three groups in this country:




The Regressive Left who spews social-media-powered outrage, hatred, and labels at anyone who disagrees with their far-left opinions and in turn harms progressivism the way only a friend can.
The Alt-right, which is effectively indiscernible from a race-oriented fascist party.
And the growing middle ground who suddenly has no home. They are the 70% in the middle who leaned a bit left, or leaned a bit right, but is suddenly forced to pick between safe spaces and Muslim registries.


It’s not a recipe for disaster, it’s the pre-made cake of disaster (because we already know how it turns out).



Arguments from arrogance

Here are some of ways the extreme left is pushing people towards apathy and/or the extreme right.




Insisting women who are happy being mothers and wives are either lazy or anti-feminist: It’s obviously ok to encourage any group to do better for themselves, but it’s pretty shitty to say to millions of women—who might have actually considered all the options (gasp) and who chose to stay home—that they’re bad people.


There’s also a lot of irony in the position, as it assumes an intellectually inferior position for women since they obviously don’t know what’s best for themselves. To be clear, many of these same women are absolutely feminists when it comes to allowing women to enter the corporate world, start businesses, or do whatever. They simply don’t see staying at home as failing to do those things, but rather as an alternative and equal choice. Many women see attacks on that choice as a violation of something natural and ok, and it pushes them away from the left even if they leaned progressive on many other issues.
Equating school shootings caused by mental health issues with Islamic terror. With each mass attack on civilians done by Islamic extremists it becomes increasingly counter-intuitive and offensive to say it has nothing to do with Islam. And when you tell people this untruth, without flinching, and expect them to pass it along to others, it produces a burning anger inside. It’s an anger created by being asked to believe and preach something you know not to be true.



We have a problem with extreme Islam that only moderate Islam can fix, and you start that conversation by identifying that we have a problem. Right now, in the entire world, there is no newspaper that will print an image of Mohammed. The reason is that there’s a very high chance they will be murdered within hours or days of publication. This is not a problem for any other religion on Earth. It’s not a problem with Putin. It’s not a problem with Kim Jong Un. It’s not a problem with the Satanic church. Only Islam. Now add to that the fact that when you ask British Muslims if it’d be justified to commit terrorist atrocities against someone who mocks Mohammed, 27% said they had some sympathy for those behind the attacks on Charlie Hebdo, and 11% said they deserved it. That’s 300,000 people who think murdering a cartoonist was justified because they insulted Islam. British Muslims.



So, yes, we have a problem with Islam in that it largely doesn’t seem consistent with western values. It’s obvious in these sorts of polls, and it’s obvious in a constant stream of suicide attacks carried out by Muslims. White people (or any ethnicity really) shooting up some place due to not having education, not having a job, not having any meaningful relationships, and basically no prospects for the future is quite distinct from an actual ideology. Extreme Islam is an ideology that has to be actively opposed, just like Neo-nazism or anything else like that. And when you claim equivalency with random mental health related violence it defies common sense and produces even more of this internal anger that cannot be voiced.
Pushing white male guilt as a solution to every problem. A lot of white people wish they could be proud of something related to their heritage. Something Irish, or German, or English, or whatever. But they know they can’t do that because it means they (according to the crowd with torches) are also then proud of European colonialism. Once again, you have a powerful feeling (loving one’s ancestry) that is forced to be repressed due to far-left ideology.



This isn’t healthy, and it isn’t fair. Europeans did some dark shit, without question. But every race and group you can name did similar things if you look at the history. We should all be ashamed, and we should all be proud. Anytime you remove either of these feelings, for any group, you produce a festering and boiling pressure that can only be ugly when it finally says something.
Insisting that no part of gender or racial representation in various industries/careers has anything to do with their respective interests or talents. The far left wants you to believe that all workforces should have a gender and race distribution that perfectly matches the overall population distribution. And if it deviates from that, the company or industry is purely racist or sexist. Period.


Do they notice that most top writers in journalism, comedy, and movies are Jewish? Do they notice that black people make up 18% of the U.S. population while making up 75% of NBA players? Do they notice that countries with the most gender equality also have the most gender-specific industries? Or how about the fact that Jews make up only 0.2 percent of the world’s population but they have over 20% of all Nobel prizes?


If you’re anything like me you’re probably thinking this is some sort of veiled attack on equality.




Didn’t you just say that it’s ok that women stay home, that Islam is completely evil, that Jews and blacks can only do one thing, etc? This sounds like crazy right-wing stuff!




Right. No. Here’s what I’m saying.




If some differences actually do exist in genders and ethnicities then that’s ok. It’s ok for different groups to have, on average, some different kinds of preferences or talents. Even if true it would say nothing about what individuals want or are capable of.
Denying obvious things, as a matter of policy, is really bad. There seems to be something going on with certain ethnicities and certain kinds of excellence. There seems to be something going on with certain genders and some overall career preferences. Islam seems to have a problem with extremism. The worst possible thing you can do, if you want to maintain any amount of respect, is 1) deny what’s right in front of you, and/or 2) call someone out as a bad person for noticing those things.
This denial plays DIRECTLY into the hands of the extreme right. They harvest it like rotting fruit on the ground. They watch liberals deny obvious things and say, “You see how stupid that is, right? You see they’re lying to you? (nodding) Well, let me tell you what’s REALLY going on.” And they proceed to fill heads full of racist and sexist bullshit.


So what are we to do as decent liberals who a) care about the truth, and b) care about defending and promoting progressive ideals?



We say something like the following:



(turning to the sexists and the far left)




Yes, it’s true. Women appear to like doing different things in a lot of cases. Many appear to find being alone looking at numbers all day to be dumb and worthless compared to interacting with and helping actual people. Maybe that has something to do with being the only gender that creates human life inside their bodies (gasp!). And maybe that makes them awesome.

What this DOESN’T mean is that you know anything about any given woman when you meet her. Maybe she wants to be a mother and a wife, and if so she’s a fucking hero. Or maybe she doesn’t want a family at all, or even a boyfriend (or girlfriend), and instead she wants to be a CEO fucking astronaut. And what I’m saying, as a progressive, is that I will thrash your ass if you imply that she cannot, or should not, be either, because she’s either not capable or because one is inherently better than the other.




(turning to the racists and the far left)




Ok, sure, let’s say it’s true. Let’s say some ethnicities are better at certain things—on average—than other ethnicities. So what? This tells you absolutely nothing about the next person you meet, the next person you’re thinking about marrying, or the next person you’re thinking about electing to run our country. Everyone is an individual, and the spans between individuals are far wider than any group difference could ever be.

Since I’ve probably confused you, that means that all groups have massive ranges of attributes, skills, talents, and abilities that massively overlap, so when you think you know something about a person because of their ethnicity, that’s a symptom of you not being good at math, and that you should get a library card.




(turning to the white people, the white nationalists, and the far left)




You know what? Europeans have actually accomplished a lot. You did some great things. Have your Irish parties. Have your German parties. Celebrate your ancestry. Being white is cool, just like being every other race is cool. We get it, you do your thing.



(turning to the white nationalists) As for you people, you’re all officially out of work. As you just heard, we’ve removed the ban on white pride. People are now free to be proud of their heritage no matter what their race. So, since you said that’s what your party was about, I suppose you can go home now. (chants in the crowd).

Oh, you want white people to be in charge? You want to subjugate everyone else? Well, then you’re garbage, plain and simple, and the sooner you all get bred out of existence the better. The future is cocoa colored and cyber-enhanced, you silly idiots. Pack up all your dumb Hitler shit and get out of here before we call the police. Your days are numbered, and you are opposed by not just Asians, Hispanics, and black folks, but by the majority of whites as well. We. Are. The. Future. You. Are. The. Past.




(turning to the Islamophobes and the far left)




Yes, Islam has some major issues. It’s not gone through a reformation, the books are still in their original forms, and they have a LOT of nasty stuff in them that people can dig up and throw around at will. And we also have a lot of so-called moderate Muslims who support hardline beliefs far too much to be consistent with western values. So that’s a problem.

But we also have hundreds of millions (the actual vast majority) of Muslims who are extremely western, secular, and progressive. They just want to raise families, see their kids become successful, and die of old age. If you care about national security, or even just human decency, what you’ll do is engage THOSE PEOPLE in conversation.

They are our friends. They are our brothers and sisters. They’re the good guys, just like anyone else. And they’re also the people closest to the problem. So the single, dumbest, fucking thing you can do—without question—IS TREAT THEM LIKE THEY’RE THE FUCKING PROBLEM. Stop being a goddamn xenophobe and be part of the solution.




Summary

There’s one theme here. We cannot let the extreme be the only ones telling truths.



When the left fails to call out differences or pressures or problems that are SO OBVIOUS to see, it starts a kindling that the right is eager to ignite.



Take that power from them. Speak truth. Be honest. Have difficult conversations. And then, afterward, love each other as one progressive humanity. That’s the only thing that will work against hate. Honesty and love.



Liberals must speak truth so that the enemy isn’t the only one doing so, because they twist it, distort it, and use it to do evil.



Having the courage to have the difficult conversations and protect your progressive ideals must start and end with honesty about reality, and wherever that fails you will open the door to racists and bigots who will use those omissions against you.






Published on June 22, 2017 14:23

20 Things You Probably Didn’t Know About Wonder Woman



I really enjoyed the latest Wonder Woman movie and was surprised by how powerful she was both in it and in the previous Superman movie. So I decided to do some research since I knew virtually nothing about her as a character.



Here are some of the interesting things I learned.




Wonder Woman was created in 1941 by William Moulton Marston, who wrote as Charles Moulton
Marston was an inventor of the polygraph and a radical feminist, but he was also deeply into domination, submission, and bondage
He believed that women are superior and that they would eventually rule the world because they’re more compassionate and less aggressive
He also believed that women could be superior but simultaneously embrace submission to men as a source of sexual enjoyment
One of Wonder Woman’s main weaknesses is that if a man binds her at the wrists (bracers) using his hands or chains or whatever, she loses her powers
All throughout the comics and the 70’s TV show she would often appear in bondage, but she would always find a way to free herself, which counters the ‘damsel in distress’ concept
In the new Wonder Woman movie (2017) she is thrown to the ground and wrapped and bound in metal (and then breaks free), which is without question a reference to that bondage and escape history
Wonder Woman is bisexual, and this is supported throughout the character’s history and also by the scene in the latest movie where she says men are unnecessary for pleasure
Marston and his wife were polyamorous and lived with two female lovers. One of the lovers, Olive Byrne, wore two bracelets, and is the inspiration for Wonder Woman
Wonder Woman was originally written to be made from clay and given powers by Aphrodite, but in the latest versions of her history she is the daughter of Zeus and has many of his powers, including the ability to control lightning
Her powers have changed and been lost and regained multiple times, but she is a demi-goddess with powers similar to Superman and Thor in strength
Wonder Woman has repeatedly been relegated to lower roles within superhero teams due to sexism in the real world. In Justice League she was without question the most powerful hero there, yet she was given the role of secretary. This was probably directly referenced in the latest movie (2017) when she asks what a secretary is
Wonder Woman has actually been the God of War before, which is interesting given the controversy around the fact that Gal Gadot is Israeli and that Wonder Woman’s primary directive is bringing kindness to the world
Her powers and items come from the Greek gods, and each of them has granted her different things.
The bracelets are supposedly made from remnants of Athena’s shield, the Aegis, which is made from the hide of a she-goat that suckled Zeus as a baby.
The Lasso of Truth (or Lasso of Hestia) was forged by Hephaestus from the golden girdle of Gaea and can compel anyone to tell the truth, which makes sense given the fact that Marston was the inventor of the lie detector. Wonder Woman is also said in multiple places to be skilled in psychology, which is Marston’s field (he was a psychologist)
Her tiara has been used as a boomerang in the past, and it also protects her from telepathic attacks and has been used to allow her to communicate with Amazons back home
Batman has called Wonder Woman the best melee fighter in the world.


Notes


Most of this was taken from the Wonder Woman Wikipedia page, as well as a few other guides online. It should be relatively accurate but I’m sure many items are up for debate, as with any superhero lore.





Published on June 22, 2017 11:05

EDC 2017 Recap



I just returned from my annual pilgrimage with my buddy Jason and our friend Martin (plus his brother Jake this year), and here’s a recap.



[ PLAYLIST: I’ve created a playlist of around 20 of the top sets at EDC Vegas 2017. You can download it here. ]




I ended up going while really sick. I had a bad sinus infection that started a few days before in London. But I pushed through it and didn’t even realize how bad it was until I got back on Tuesday
We saw many more shows this year instead of staying at the Hardstyle stage like I usually do
I thought I had missed my favorite artist, Technoboy, but I caught the TNT set which is actually one of his aliases
Favorite sets were TNT, Marshmello, Showtek, Alice in Wonderland, and Green Velvet
Over the last year, and definitely at this EDC I’ve massively increased my appreciation for Deep House, so I spent a good amount of time at Neon Gardens this year
Virtually everything I heard at Circuit Grounds was excellent
I was largely disappointed with Wastelands for the few sets I saw that weren’t TNT because it seemed super pop. I feel like all the artists were trying to go mainstream and didn’t want to be hardstyle anymore
The Tiesto set was really strong this year
I did a very EDC thing and helped a girl out who was crying with a dead phone. She asked me for help and I got her a water and a portable phone charger and sat with her behind Cosmic Meadow until her friends found her
We walked around 30 miles over the three days, although I’m not sure if the Apple Watch counts dancing as steps
I had more appreciation for lighter stuff this year, like Marshmello. Either that or they had more heavy stuff mixed in that kept me going
For the record my preferences are currently Hardstyle, Deep House, and Trap. Interested to see how that changes
Sunday was really strong this year. They made a real effort to load the last day so people would stay all the way through


Only 52 weeks to EDC!



[ PLAYLIST: I’ve created a playlist of around 20 of the top sets at EDC Vegas 2017. You can download it here. ]






Published on June 22, 2017 10:29

June 21, 2017

Terrorism May Destroy Traditional Religion



I think extreme religion is about to remove itself from liberal, western society as the result of internal terrorist attacks.



Historically, liberal society has been inclusive. The mantra has been multiculturalism, inclusion, and all the related synonyms. But homegrown terrorism, where thousands or tens of thousands of religious people have all but openly declared war against the western way of life, will force liberal societies to choose.



Either continue being attacked from within, or admit that there are religious ideologies that are in direct opposition to the liberal society that we’re trying to build.



It won’t be easy, as should be clear from the fact that it hasn’t happened yet, but continuous terrorist attacks by the same groups will force us to act.



So the question is, “What do we do? Who do we target? And what do we do with them?”



I think the answer we’ll arrive at will be targeting those who outwardly show signs of embracing traditional beliefs. Full stop. If you associate yourself with an old religion that has beliefs that are counter to modern liberalism, you will be removed from society.



Incarceration, removal of citizenship, and/or banishment from the country.



Sound extreme? It is. But so is not being able to enjoy the benefits of liberal society, where you take your family to the city center, lounge about in a park, take a coffee, have a nice dinner near the center square, etc.



If people in modern society cannot do these things, because they fear being murdered by people who hate secular government, homosexuality and women’s rights, then they will eventually do the logical thing and label and treat these people as an enemy.



I speak, of course, of Islamism, but it will not be the only target of this expulsion. Traditional and extreme forms of Christianity will be targeted as well, assuming they have any tie to violence or forced anti-liberal behavior.



And how will we know someone has these beliefs? That will be rather simple, actually, since you can simply ask them, or look at their appearance. If the men are wearing the garb of acolytes of a centuries-old religion that has well-documented anti-liberal beliefs, that person will be removed.



If a man wants to found a church where only men can be pastors, and where they consider homosexuality to be a choice, and a sin, and where women are basically indoctrinated to be homemakers and nothing else—that family will be removed.



To be clear, I’m not saying this will be a good idea. Or that it’ll be effective. Or that it’s the right thing to do. I’m saying some form of this will happen.



I do think that it’s logical and acceptable to chart out the fundamental and inflexible beliefs of a society, and to require all citizens to adhere to them. But those tenets should be extremely broad and non-controversial for the vast majority of people. They should only exclude those who embrace ancient and dogmatic belief systems that are directly anti-liberal and anti-progressive.



I think the problem with any such system is that its potential for abuse will be extraordinary, and it will be difficult to implement any logical form of it without introducing its own unfairness and injustice.



Examples might be external markers like hairstyles and beards, or certain types of clothing. They may become banned because they’re associated with extreme Christianity or Islam, yet a new style of dress could arise that shares characteristics with it, and it would be banned as well because it’s too similar.



I think the key would be keeping the system extremely simple, and only prohibiting the obvious markers. A woman walking around with her hair covered, for example, or a man wearing religious robes in public.



The core concept here would simply be that if you don’t accept the full equality of women, of homosexuals, of all races, etc., and you associate yourself with groups that are known to oppose that equality, then you have to leave.



That’s it. Leave. You can’t be here anymore. You have embraced a belief system that is counter to our way of life, and this is clearly associated with violence, so it can no longer be tolerated.



That’s what will happen. That’s the line that will be drawn. And like I said, I get it. I am ok with the underlying concept of being honest about the fundamental incompatibility of these belief systems and an open, equal society, but I’m not going to like the way it will manifest.



But we should expect it. The current model of being attacked from within by people who live next door and hate liberal society simply cannot continue. And the more attacks that come, and the less able we are to enjoy our open society, the faster these policies will be called for.






Published on June 21, 2017 09:57

June 13, 2017

OWASP Top 10 Lists are Art, Not Science



I attended the OWASP Top 10 data capture discussion session today at #OWASPSummit2017 in London.



Andrew van der Stock led the session and was asking how we could improve the data collection process, and what we thought the obstacles were to people submitting their data.



My answer was that the drama around OWASP “data” collection comes from us project leaders perpetuating the false belief that what we’re collecting is good data, and that what we’re doing with it is science.



It’s not science. Not even close.



The former project leader talked about the quality of the math in the Excel spreadsheet, and said if we had an issue with the results that he welcomed us looking at the formula for a given calculation and making recommendations.



But as I explained, this is still missing the point.



When vendors submit datasets they’re HIGHLY skewed. They’re skewed because they favor one kind of vulnerability because of their business. They’re skewed because their training focused on certain vulnerability types and not others. They’re skewed because they send their data in completely different ways.



Random companies, with random perspectives, sending random data, that’s randomly biased.



And then a small group of smart volunteers do their best with it. They review what’s submitted. They try to normalize it somehow. They try to remove the bias. And they end up with something they call a release candidate.



Nothing wrong with that. That’s the process we have, and the results tend to be helpful.



The problem is we don’t tell people this is what we do. What we tell them is that we are EXPERTS and we have DATA and we use SCIENCE to produce the results!



And so people think that if they had just submitted that one other dataset, or if their competitor hadn’t submitted more data, or if they had just had that one intern to submit from their vulnerability database—that it would have somehow ended up different.



It probably wouldn’t.



The truth about these projects (and I’ve been on a few) is that the teams tend to be highly confused about what the goal ultimately is. Are we listing risks? Are we trying to help developers avoid mistakes? Are we helping CISOs prioritize their AppSec program?



What’s the goal with these lists?



The former OWASP Top 10 leader said his summary is,




Helping a CISO understand what to focus on to reduce the most application security risk.




I like that. It’s simple and easy to communicate.



So then someone smart in the session today asked a great question:




If the goal is identifying the top risks for CISOs, why aren’t we using breach data?




Exactly.



My favorite summary for these lists is “things to avoid”. They’re risks, they’re threats, they’re vulnerabilities.



But why are we only collecting random sets of vulnerabilities from random vendors? Especially when we’re not able to use that data to actually produce a list anyway. We’re sort of arbitrarily deciding, as a group, what the list should look like and using the data to guide that.



So why not use more inputs?



I use breach “data” to guide my testing methodologies, my risk rating methodologies, and similar systems. This type of input tells us what is actually working for attackers, and what is hurting us most and most often.



That’s good input, and we should be using it for OWASP lists as well.



The obsession with vulnerability data is due to the flawed belief that the data, combined with rock-solid algorithms, are producing the list themselves. They’re not. It’s people. Smart and dedicated people trying to do the right thing. The sporadic and biased data (combined with our pet formulas in Excel) are nothing but jazz hands hiding this fact.



So the problem isn’t the data submission. It’s not the form. It’s not the time you have to submit. It’s not any of that.



The problem is not being honest about how this sausage is made.



It’s a few security experts doing the best they can with some limited data and a spreadsheet. And the results are usually pretty damn good.



So let’s be honest about that. And let’s get more experts to give their opinions.



Summary

Here’s what I think we should do for these types of projects:




Be honest that it’s art and not science.
Stop lying to ourselves about the quality of data coming in. It’s garbage in, garbage out (GIGO).
Clearly describe the process of building the list, which might include some sort of analysis of what was submitted, but shouldn’t make it sound like it was scientific.
Take more inputs as to what should be on the list. We need input from the field on what people are seeing, and that isn’t always going to come in the form of vulns. If it’s opinion that’s ultimately making up the list, let’s get more opinions.
Let’s also add breach data (and other types of data) to what we look at when arriving at those opinions.


Ultimately the answer here is transparency, and taking ourselves a bit less seriously.



It’s art, and it’s hard, and the people running these projects deserve our admiration. But let’s not pretend it’s something that it isn’t. It creates problems that could be avoided.


__


I do a weekly show called Unsupervised Learning, where I curate the most interesting stories in infosec, technology, and humans, and talk about why they matter. You can subscribe here.




Published on June 13, 2017 05:32

June 11, 2017

Unsupervised Learning: No. 82

This week’s topics: Live from London, Gamestop hacked, PowerPoint malware, Chinese Apple Hack, XSS, WWDC summary, FDA approves cancer drug, heroin $51B, ideas, discovery, recommendation, aphorism, and more…





This is Episode No. 82 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 15 to 30 minute summary.



The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well.





The show is released as a Podcast on iTunes, Overcast, Android, or RSS—and as a Newsletter which you can subscribe to and get previous editions of here.



Newsletter

Every Sunday I put out a curated list of the most interesting stories in infosec, technology, and humans.

I do the research, you get the benefits. Over 5K subscribers.





The podcast and newsletter usually go out on Sundays, so you can catch up on everything early Monday morning.



I hope you enjoy it.





Published on June 11, 2017 23:18

June 4, 2017

Unsupervised Learning: No. 81

This week’s topics: OneLogin, Extortion, Coinbase, Pandemic, Booz, Mobile Apps, Electricity, AI voices, Sheets, Walmart, Karoshi, APIs, discovery, aphorisms, and more…





This is Episode No. 81 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 15 to 30 minute summary.

Published on June 04, 2017 11:40

The Difference Between Precision and Accuracy



People tend to confuse precision and accuracy, and many of the definitions out there aren’t entirely clear.



Here’s the easiest way to see the difference.




Precision is about taking multiple attempts—such as shots, guesses, or measurements—and having all of them end up very close to each other.
Accuracy is about having your attempts land at the true or desired location.


A good example is a marksmanship target, as seen above, where you could have a tight cluster of shots nowhere near the bullseye, and that would be precision. Or you could have a loose group near the center that’s fairly accurate but not very precise.



In short, precision is about how close attempts are to each other, and accuracy is about how close they are to the desired goal.
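As an added example (not part of the original post), the two target cases described above worked numerically: shots are taken as (x, y) offsets in centimetres from a bullseye at (0, 0), spread measures precision and centroid offset measures accuracy, and both sample groups are constructed.

```python
"""Precision vs. accuracy on a marksmanship target (added example).

Shots are (x, y) offsets in cm from the bullseye at (0, 0).
  precision -> how tightly the shots cluster around their own centre
  accuracy  -> how close that centre is to the bullseye
"""
import math
from typing import Dict, Sequence, Tuple

Shot = Tuple[float, float]


def centroid(shots: Sequence[Shot]) -> Shot:
    """Mean point of the group; the group's own centre."""
    n = len(shots)
    return (sum(x for x, _ in shots) / n, sum(y for _, y in shots) / n)


def spread(shots: Sequence[Shot]) -> float:
    """Precision: mean distance of each shot from the group's centre.
    Smaller means the attempts landed closer to each other."""
    cx, cy = centroid(shots)
    return sum(math.hypot(x - cx, y - cy) for x, y in shots) / len(shots)


def offset(shots: Sequence[Shot], target: Shot = (0.0, 0.0)) -> float:
    """Accuracy: distance of the group's centre from the desired point.
    Smaller means the group as a whole landed where it should."""
    cx, cy = centroid(shots)
    return math.hypot(cx - target[0], cy - target[1])


def describe(shots: Sequence[Shot], target: Shot = (0.0, 0.0),
             tol_cm: float = 1.0) -> Dict[str, object]:
    """Classify a group as precise and/or accurate against a tolerance.
    tol_cm is an assumed threshold chosen for this example."""
    s, o = spread(shots), offset(shots, target)
    return {"spread": s, "offset": o,
            "precise": s <= tol_cm, "accurate": o <= tol_cm}


# Constructed sample groups matching the post's two cases.
TIGHT_OFF_TARGET = [(5.0, 5.0), (5.2, 5.1), (4.9, 5.2), (5.1, 4.8)]  # precise, not accurate
LOOSE_CENTERED = [(2.0, 0.0), (-2.0, 0.0), (0.0, 2.0), (0.0, -2.0)]  # accurate, not precise

if __name__ == "__main__":
    for name, group in (("tight/off-target", TIGHT_OFF_TARGET),
                        ("loose/centred", LOOSE_CENTERED)):
        print(name, describe(group))
```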


Published on June 04, 2017 10:06

June 3, 2017

Why I Talk More with Rideshare Drivers



For me there’s an interesting element in rideshare services and how they affect human interaction.



The idea was to require less interaction. You don’t have to tell them where you’re going. And you don’t have to talk about payment. So a lot of people imagine that as headphones in and no discussion other than hello and goodbye.



But for me it’s the opposite.



I tend to have the best conversations with rideshare drivers, and perhaps it’s because we’ve removed the banal from the table.



It got me thinking about Basic Income, and what people could do if they weren’t trying to make Maslow happy.



I’m not sure there’s a correlation there, and I’m definitely not sure it will turn out to be solid even if it is there, but it’s worth thinking about.



Basically, what if removing banality and tedium gives freedom to do higher-order activities? And maybe this is a promise of technology to embrace? I think it’s a common theme, actually, and it’s the counter to the “robots taking our jobs is bad” argument.



I think the reality will be a hybrid, though. For many it’ll be horrible, and the entire game will be to transition as many as possible into this new model of “we freed you up to do better things”.


Published on June 03, 2017 11:44
