Daniel Miessler's Blog, page 128
March 19, 2017
Unsupervised Learning: No. 70
This week’s topics: Russians at it again, Microsoft and Adobe updates, PoS breaches, US-CERT throws TLS shade, epilepsy tweet stalking, Tesla’s billion, lip-reading AI, autonomous BMWs, Fiber Lasers, taxing robots, Green Zones and Red Zones, AI disruption of healthcare, discovery, recommendations, and aphorisms, and more…
This is Episode No. 70 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 15 to 30 minute summary.
The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well.
The show is released as a Podcast on iTunes, Overcast, Android, or RSS—and as a Newsletter which you can view and subscribe to here or read below.
Infosec news
Two Russian FSB members and two Russian hackers collaborated to execute the Yahoo! breach in 2014. This isn't the 2013 Yahoo! hack of a billion accounts. Or the other one. This is the 2013 one. Link
Adobe and Microsoft both pushed out significant patches last week, with Adobe fixing a bunch of Flash issues and Microsoft dropping 18 update bundles. Link
1 million decrypted Gmail and Yahoo! passwords are available for purchase. Link
Brian Krebs is reporting another PoS breach, this time for a restaurant chain called Select Restaurants. His analysis is that the hospitality and restaurant industries are massively owned, and that this is especially true for smaller chains that don't have direct relationships with the banks whose cards are being run through their PoS systems. Link
In a regular yearly tradition at CanSecWest in Vancouver, vulnerabilities were found in Safari, MacOS, Microsoft Edge, Adobe, Firefox, etc., and someone also escaped a VM. Link
US-CERT has thrown some shade at HTTPS interception appliances and services like Cloudflare by saying they have a negative effect on secure communications. Link
33 million US employees have had their data leaked. The data was discovered by Dun & Bradstreet, and is available in Have I Been Pwned. Link
GitHub rewards an $18,000 bounty to a researcher who found an RCE issue in GitHub Enterprise. Link
Ubiquiti has a critical command injection vulnerability in more than 40 of its products' admin interfaces. Researchers reported the issue(s) to the vendor through its HackerOne bounty program, but went public with it after receiving an unsatisfactory response from the vendor. Link
A Secret Service laptop, security lapel pins, and radio were stolen from a Secret Service vehicle in New York City. Some of the items have supposedly been recovered, but it's not clear which. The incident is yet another entry in the book of recent embarrassments for the group. Link
Sound waves have been used to confuse common accelerometers. Link
A new version of the Shamoon malware, called StoneDrill, has been found on a European petroleum company's systems. Shamoon was popularized back in 2012 for wiping disks at Saudi Aramco, and the new version does that even better and adds lots of more advanced functionality. Link
38 Android devices infected with malware pre-installed in the supply chain. Link
WhatsApp and Telegram have flaws that can lead to account compromise. The issue is improper parsing of malicious images in the web version of the application. Link
A man has been arrested for cyberstalking after sending a flashing tweet to a journalist who has epilepsy. Link
Trump has put $1.5 billion in the new budget for cybersecurity and critical infrastructure. Link
Technology news
Tesla is raising over $1 billion to offset the risk of the Model 3 bet. Link
Uber president Jeff Jones has quit amid turmoil at the company. Link
Oxford scientists, in cooperation with Google's DeepMind division, say they've created an AI that can lip-read better than humans. Link
Microsoft is putting ads all throughout Windows 10, including in the explorer window. Link
BMW is shooting for a level 5 autonomous car by 2021. Link
Netflix is dropping their five star ratings for a thumbs up or thumbs down. Basically, nobody ever uses 2-4 stars; it's always 5 or 1. Link
Tesla's massive batteries are being used to power everything from breweries to small islands. Link
The U.S. Army gets the first 60kW Beam Combined Fiber Laser Weapon. I'm excited and scared at the same time. Mostly excited though. Link
WePay now supports ApplePay and Android Pay. Link
Intel has purchased Mobileye for $15.3 billion. Their technology does computer vision for autonomous driving. Link
Everyone is spinning up for 5G. "Nothing will be mobile because everything will be mobile." Link
Sony is working on mobile-to-mobile wireless charging technology. Link
Nintendo is doubling production of its wildly popular Switch console. Link
Microsoft's Slack rival, Teams, is now open to all Office 365 users. Link
Human news
Numerous and sustained studies of "learning styles" have failed to find scientific support for the concept. Link
Police have got a judge to petition Google for an entire city's searches for a given phrase, in order to help solve a fraud case. Link
Tim Cook says globalization is in general great for the world. After reading Naked Economics by Charles Wheelan, I too agree. Link
Bill Gates wants to tax robots. Link
Ideas
Failure, and How to Help People Avoid It Link
Green Zone, Red Zone Link
AI is about to massively change healthcare. Basically, you give more and more of your data, and the system tells you when you're sick, and exactly what to do to optimize outcomes. And it'll do this way better than human doctors. It'll basically be using the power of the entire human dataset each time it looks at you. Link
Discovery
The 6 levels (0-5) of autonomous car autonomy. Link
A list of the crazy cool projects that DARPA is currently working on. Link
Principles of Covert Action. Link
Five myths about obesity in America. Link
Analysis of docker image vulnerabilities. Link
Glitch — A collaborative community for building applications, bots, or webpages. Link
Notes
Brian Roemmele, a prominent technologist focused on the voice-first revolution, tweeted out my book last week, and generated a solid amount of interest. If you haven't read the book, or you've read it but not reviewed it, please take the time! Link
I'm speaking at HouSecCon this week with Jason Haddix on our Game Security Framework. The session will be recorded and we'll share it when it becomes available. Link
I've finished Sapiens and have started on Homo Deus. And, yes, Homo Deus is about humans becoming gods, like I said originally. Deus is Latin for god. Someone sent me a correction, which turned out to be wrong. Derp on my part. Link
I really wish Apple Watch had a round form factor instead of square. I get that the iPhone is rectangular, and that this is the shape of all their widgets, but high-end watch faces are mostly round. I'd give anything for an Apple Watch face that looked like a NOMOS TANGOMAT DATUM. The bad news for the watch industry is that I'm basically just going to wait for smartwatches to reach this level of craftsmanship. I can't see myself going back. Link
The OSINT primer is still coming along. Being onsite with customers and other projects have extended the timeline a bit. But it's coming.
I'm working to get some new wordlists (payloads and usernames/passwords) incorporated into SecLists. I've reached out to the creators of the various GitHub projects and they were happy to be incorporated. Will integrate as time allows.
Recommendations
When you patronize hotels and restaurants (especially the smaller ones), expect the chance of POS malware to be far higher. Use a credit card rather than a debit card, and maybe don't use your favorite one. Consider designating a throw-away card that you use for higher-risk transactions, and that you don't mind having replaced frequently.
Aphorism
"People don't seem to realize that their opinion of the world is also a confession of character." ~ Ralph Waldo Emerson
Thank you for listening, and if you enjoy the show please share it with a friend or on social media.
__
I do a weekly show called Unsupervised Learning, where I collect the most interesting stories in infosec, technology, and humans, and talk about why they matter. You can subscribe here.
Failure and How to Help People Avoid It
One fundamental difference between the left and right is their approach to handling failure.
I was raised in the San Francisco Bay Area, and what I’ve been taught my whole life is that people fail for reasons that are not their own fault, and so we need to help them. That’s liberal canon.
Later in life I learned there was another school of thought that said people make choices all throughout their lives, and that some make good ones and some make bad ones. And if you make the bad ones then you deserve what you get. If you don’t like your condition, change it. Go out there and work hard for what you want.
Most people seem to fall into one of these two camps, and it’s my current belief that the less educated you are the more you lean towards one side or the other.
So if you’re an uneducated liberal in the Bay Area, you likely think that all poor people are actively trying to better themselves at all times, making all the right choices, but are just being held back by the oppressive “system”.
And if you’re an uneducated conservative in…wherever, you likely think that poor people (not of your exact color and religion) are simply lazy. They could be successful if they simply tried. And because they don’t try, they deserve to be poor, suffer, etc., and we shouldn’t be wasting our resources trying to help them.
It seems obvious to me that both of these extremes should be discarded as mythical. The truth is somewhere in the middle of this spectrum.
What I find most interesting is policy questions around how to improve outcomes. I don’t just want to say that both extremes are faulty, and that the answer is somewhere in the middle. I want practical advice for how to deal with individual, real-world situations.
The role of failure
What I’ve come to realize in the last decade or so is the extraordinary motivational power of failure. It’s been the dominant force in both survival and reproduction for millions of years, and in some fundamental sense it’s a very positive thing.
It’s positive because it inspires positive action to improve one’s situation. It pushes you to pursue a better job, a bigger house for your family, more vacations, a more comfortable retirement, whatever.
The question is: what is considered failure? In the past this was very clearly defined by the surrounding community of “normal society”. If you didn’t have a job, you were a failure. If you had nothing to offer the world, you were a failure. If you couldn’t take care of yourself, you were a failure. If you couldn’t take care of your family, you were a failure.
And everyone would let you know this in various ways. The look of pity or concealed condescension when face to face, the whispers behind your back, etc. That’s how you knew you had failed, and it inspired change.
What many cultural narratives have done, however, is remove the shame of failure. They’ve taken the sting from it and made it an acceptable state. Don’t have a job? That’s fine. Don’t have anything to offer? That’s fine. Don’t give back to society in any meaningful way? That’s fine. They spend time with those who share their lack of ambition, they avoid mainstream “success” types who make them feel like…well, failures.
The problem with liberal culture seems to be accepting millions, or tens of millions, of these people into society by providing them a constant stream of benefits that allows them to survive. They then have enough to technically not die, to reproduce, and to transfer a similar philosophy of success and failure to their children.
And so it continues.
The anatomy of failure
So that section might have sounded like it came straight out of a Paul Ryan playbook. It didn’t. It’s just true. Stay with me.
There is another group of poor people who have completely different philosophical DNA. They work constantly—from one job to the next—for horrible pay, atrocious hours, and end up spending far too little time with their kids. And their kids are the main reason they’re working two or three jobs in the first place.
They were told as children that you’re nothing if you’re not providing for your family, and that you’re nothing if you’re not working. And they absolutely look down upon lazy people who don’t provide or give back. But they weren’t told to go to college. They weren’t told how important education is. And they weren’t told that soda, pasta, and other carbohydrates are not the basis of a healthy diet.
So they end up working their butts off every day of their lives, in multiple soul-crushing and low-paying jobs, just to give their kids a chance in the world. But because they don’t understand that world, they end up giving their kids obesity, diabetes, and virtually zero chance of anything other than the exact life they have. So by age 18 those kids are themselves raising a bunch of kids of their own, working 2-3 jobs, feeding them the absolute worst foods, and stressing manual labor over education.
The cycle continues.
Assessing a given individual or group.
Over the last decade I’ve come to believe that the desire for bettering oneself is either there naturally, or it’s not. But I’ve also learned that people have very different ideas of acceptable results.
So to me the fundamental questions are:
What is an acceptable level of life attainment in terms of job type, income, education, etc.?
How passionately will they strive to achieve that level of attainment, and how bad will they feel about themselves if they’re unable to?
Importantly, if you set the bar at “barely surviving” in the first question, then the second question doesn’t matter much in terms of modern society, because it’s easy to achieve.
And if you set the first question bar too low, i.e., at having a manual labor job, or two, or three, and raising a large family so your parents can have grandkids, and giving them all the brand name snacks from the store, and passing along your manual labor work ethic, then you’re in bad shape there as well.
It is good, however, that on the second question, most people who are part of that philosophy will basically kill themselves to ensure they can provide for their kids. Two jobs. Three jobs. Four jobs. 7 days a week. Both parents working. No problem. You do what you have to do.
It truly is admirable, until you think about the fact that this form of suffering is just being perpetuated to the next generation. And this has become dramatically more pronounced over the last twenty years, and it’s about to get far worse because of AI/automation/robots, as I talk about here.
What we need to ask ourselves is this:
What level of the first question should be an acceptable bottom, under which we initiate the timeless weapon of looking down on people? And how much should the answer to the second question matter?
I think a lot, but I’m just thinking through this.
Appropriate action
So assuming we have some answers to that question, what should society do to fix itself?
Here are some things that don’t work:
Telling people who have low standards, and no willingness to strive for anything, that it’s ok because they’re disadvantaged in some way. That’s not good because it shuts down their impetus to strive. It gives them an out.
Telling people who are actually striving and facing obstacles that there isn’t real resistance in the world, in different forms, for different groups. Things are harder for women. They are harder for people of color. Acknowledging this and working to improve it does not have to directly lead to excuses for not striving, and it shouldn’t.
Taking an entire benefit-dependent group of people who forgot how to strive years or decades ago, and suddenly forcing them off of those benefits. This will lead to massive hardship and crime. There has to be some sort of transition.
Two options?
I see two major paths for helping both groups of people: those who have stopped striving altogether, and those who are striving mightily but building lives of hardship for both themselves and their kids.
Do nothing, and cut off the benefits. Build more jails; you’ll need them. This will basically destroy the groups who have stopped striving. They’ll move to streets, take to crime as a means of getting by, and mostly end up in jail. Some, though, will have their survival mechanism kick in, and they’ll enter the workforce doing menial jobs that the robots can’t do yet.
Have very honest conversations with both groups (especially the hard workers striving for the wrong things) that what they’re doing is harming their children’s chances to live a good life. Find ways to convey to them that having no education in the world that’s coming is a sentence of suffering, near-slavery, and/or jail. And that not eating healthy will lead directly to obesity, diabetes, and heart disease.
In short, we have to tell those who don’t understand the world that they are doing this to their kids, and that it’s not ok.
But hold on. That’s the opposite of liberal. Liberals love to say nothing, avert their eyes, mumble something about “not judging”, and then go and buy a latte somewhere.
Well, fuck that. I’m tired of liberal policies that hurt more than they help.
If you care about your fellow humans, it’s time to speak truth. Giving your kids a manual labor work ethic and diabetes is not being a good parent, even if you’re a great person trying your best. The world has become too dangerous and unforgiving to allow us to give this a pass any longer.
Many conservatives say, “Fuck em’, if they’re too stupid to demand that their kids eat right and get a solid education then they deserve to suffer. Let them die, but I’m not paying for it.”
Most liberals say, “Well, they just have a different perspective! You don’t live their lives. You don’t know their struggles, or their culture, or their world view. You can’t judge. And you’re a horrible person for having the audacity to try to “fix” them.”
I say fuck you to both of them.
I will not abandon my fellow humans who work their asses off to do the right thing for their families. They’re your family. And they’re my family. All tens of millions of them. So yes, it’s my business. It’s everyone’s business.
And I also won’t sit by quietly and let them poison and sabotage themselves, generation after generation, walking their kids right into the waiting woodchipper of this new economy. It’s fucking inhuman to say nothing. To do nothing. To not try to help them.
And why? Why do you say nothing? Because you respect their choices? Fuck that. Fuck you. You don’t respect shit.
You say nothing because you’re a coward who fears the judgement by the liberal mob. And to avoid scrutiny, to avoid labeling, to avoid unpleasant conversations, you’ll remain silent and let millions be devoured by lions right in front of us.
Order your latte. Get your car washed. Enjoy the Alpha life. And refuse to say anything. You are the problem, not the solution, and I declare you the enemy.
Well-off conservatives have this wrong because they don’t realize the goodness and heart of millions of hard-working and struggling people. They assume that if you’re not succeeding it’s because you don’t deserve to, and it’s cold, callous, and wrong.
Well-off liberals have it wrong because they’re unwilling to help their brothers and sisters by passionately coaching them to avoid a painful lifecycle that provided a livable life thirty years ago, but no longer. They know the truth, but they won’t share it because it might be “uncomfortable”.
Both sides are lost, and it pains me.
There is only one hope of raising a family without unbelievable struggle in the world that’s approaching, and that’s to have a solid education and agile mentality that allows you to adapt to situations. Manual labor doesn’t get you there. Hard work doesn’t get you there. Taking handouts doesn’t get you there.
You have to fight, and you have to have the right information to prepare you. Rich people share this knowledge with each other all the time, in the country clubs and private schools across the country.
Whether you’re conservative or liberal, if you have this information, and you’ve used it to propel your loved ones into the top 10%, but you refuse to offer this knowledge to those who are struggling, then you deserve the worst shame of all.
Speak truth. Help each other. And fuck anyone who shouts you down.
Notes
There are other groups of poor people who actually understand the importance of education, get a decent one, have a strong work ethic, and work their whole lives without making it out of the rat race. There are many different reasons for this, but often they’re simply not sharp enough to grasp underlying concepts, adapt to changing situations, don’t have the required social fluency to create relationships, or some combination thereof. And some tiny group have all the right components but also have rotten luck.
Image from Tiny Buddha.
__
Green Zone, Red Zone
This post will be stream of consciousness style.
I’m worried that existing trends around income inequality are only going to accelerate, and that this time around it’s going to become quite acute, with tangible consequences.
The author of Capital in the 21st Century made the fascinating observation that income inequality has mostly always been high, and that the only time this is corrected is through catastrophes, such as war. But basically inequality is ever-present and rarely gets rest. That might not be the exact point, but that’s what I remember.
The last big equalizer was World War II, which brought the classes together in a major way. I think AI, automation, and robots are going to add a force multiplier to the pace of separation we are about to experience.
As I’ve written about in many other posts, people are largely becoming unemployable, and the numbers and percentages of this group are growing rapidly. So what we’re heading towards is a massive and stark separation between those in perpetual struggle and those who live like techno-gods, enjoying the best food, the best entertainment, travel, leisure, etc.
I’m concerned about the role of media on this harsh separation. I’m worried that we could be heading into French Revolution territory due to the media being able to expose, magnify, and add narrative to the difference between those at the top and everyone else.
Before it was possible for a tiny percentage of people to rule over the rest. Tens of thousands of elites ruling millions of suffering.
But I’m not sure our new media types will allow this.
Physical separation
The reason I think it’ll become so dire is due to the physical lines that will start appearing in society. It’s starting already, actually.
Certain inner cities will become home for Alphas alone—the top 5% of the population who can afford to live, work, and play there. And inside that city will be the newest condos, high-end malls, farmers markets, custom/one-off shops of all kinds, and lots of liberalish language and messaging—all about inclusion, you see.
But the people making it all possible, i.e., cleaning the floors, serving the food, washing the cars, etc.,—they’ll all live 30-60 minutes outside of town. They’ll spend inhuman amounts of time commuting to jobs that barely pay any money and that are under constant danger of being replaced by automation and robots.
Roving through the inner city circle will be tons of automated security. Cameras of course. But autonomous security vehicles. Drones. Microphones. Satellites. The whole cocktail. The place will be extraordinarily safe. A veritable playground for the top 5-10%.
And if a Beta wanders in after hours, or lingers too long after their shift, the security forces will tag them as suspicious. People will wonder why they’re still here. Why are they sitting in the chairs like patrons instead of serving someone?
Vehicles, people, groups—they’ll all be tagged as native or external, in order to determine the necessary level of scrutiny.
It’ll lower crime of course, because the Alphas will not only be unlikely to commit crime anyway, but they’ll also know it’s pointless to try to get away with anything. Same with visiting Betas; they’ll know it’s very hard to do something and get away with it. And if they’re working there they won’t want to risk losing their “amazing” job.
The media will highlight this
So we’ll have green zones and red zones.
Green zones are where the rich live and play. They’re heavily surveilled areas. Extremely clean. Brand new everything. Sterile perhaps, but there will also be some genuine relaxation as people roll around in their well-earned success. Congrats on those genetics and family and education choices—you picked them well.
Anyway.
The green zone will be highly secure. Safe. Happy. Vibrant.
And there will be plenty of social media streaming from these places. There will be “media” channels showing just how much fun they’re having on a regular basis. The party scene. The beautiful people. The good times.
Meanwhile, in the other 90% of the world, they sit in shit housing. With little insurance. Maybe not working, or maybe working three jobs with no benefits and unlivable wages.
And they watch.
They see all these happy ten percenters enjoying their autonomous vehicles, EDM clubs, perfect safety, healthy families, etc. And they start to get angry.
The Alphas have to leave the green zones of course. They venture out. They go shopping. They go into the more “real” areas, and tell their friends about it.
Red Zone food is so great! So authentic!
And the Red Zone people see them come in, they see them eat the food, served by other Red Zone people, and then speed off in their new model autonomous cars back to the safety and beauty of the green zone.
400 million people in America. 40 million of them are Alphas, the other 360 million are Betas.
And some of the channels watched most by the Betas start to talk about how it’s not fair. It’s not equal. Their kids aren’t more important than ours. Why are we serving them food and building their houses?
And then it gets said.
Why do we settle for this? How about this? Any Alpha that comes into this part of our town is getting rolled. We see you without enough security and we’re going to take you out.
And it’ll happen.
Alphas won’t be able to move around outside the green zones without significant security, because there will be a number of media-powered regular folk ready to take out their frustrations.
And sometimes they’ll just roll into the green zones and tear some stuff up.
The red zones will be run like third-world countries. The police will be bought off by criminal elements. They won’t protect areas that aren’t paying. They’ll be taking part of whatever they confiscate. It’ll be a sham job, like it is in so many developing countries.
The races will separate. Hatred will rise. They’ll fight amongst each other, even though the pressure is coming from above and outside, not from within. They’ll blame each other for their position, just like the midwest is now.
Hospitals, police, utilities, etc.,—they’ll all be sub-par compared to green zones.
Diversion or destruction
So that’s one thread and option. Basically the classes massively separate and the ability for the Betas to see the Alphas like never before will exacerbate and accelerate French Revolution-style revolt.
Violent conflicts will enhance the separation even more starkly, and this trend will continue as long as the Betas are not occupied.
So it’s possible that the Alphas will devise a system for making the Betas happy in their places.
If you keep them safe, fed, warm and dry, and give them something fun (and fulfilling) to do with their lives, they actually won’t have any reason to care what the Alphas are doing as much.
This will come in the form of gaming. VR and AR gaming.
Game companies will provide massive infrastructures to occupy the entire country’s and world’s masses. And as long as they are able to get into the games, watch the shows, participate in them, they will be ok. Many of the advantages inside the games will be better than what the Alphas have in real life anyway, so there won’t be that much incentive to be angry.
This all hinges on the bottom 90% being provided with sufficient living conditions and the ability to entertain themselves with these games in a safe and sustainable way.
That’s Basic Income, basically. That’s the Alpha class paying for the Beta class to not revolt, essentially.
But gaming will be a bit of a misnomer. It’ll be more like living, but in a game framework, which is more like an alternative life framework.
I think there will be job roles in-game. Security. Police. Military. Some people will be bad guys, some people good guys. Some people will clean and serve and support, just like in real life.
The key is that this will provide them essential meaning, which everyone needs. Alphas will need it too, and maybe even more. Things that come easy don’t make for the underpinnings of a fulfilled life.
Meaning requires struggle. Purpose. Service. And contribution to a greater good.
Some Alphas and Betas will get this through real-world work, but most will get it through alternative reality.
Sustaining this model
So people will be encouraged not to reproduce too much. To be good citizens. To play and find value in the alternative reality, and to avoid questioning the structure that has been set up.
Many Alphas will go on living regular, analog lives and getting value that way. Most Betas will do whatever they have to do to pay for their alternative reality subscription, or whatever perks and mods they want to enhance their experience with.
And many Alphas will do the same.
As time goes on, actually, the Alphas won’t have jobs either. More and more will be taken over by automation, and as this happens a higher and higher percentage of people will live inside the alternative life framework. The government/corporation will pay people to not have kids, and to be good consumer citizens who provide value in-game.
Summary
In short, we kind of have two main options going forward in this soon-to-be hyper-separated class structure.
Give the unemployed and/or restless masses a diversion through virtual/augmented reality, or
Deal with the inevitable revolt from the 90% against the 10%.
There are many variables in play here, and some of them might add options to this list. But I don’t see them.
It’s going to be one or the other (or some combination).
__
March 18, 2017
It’s Not About Trump Winning
The left and center of this country used to think that the biggest calamity to befall the country was half of the population thinking Trump would be a good president.
That’s no longer news, because it’s been bumped off the top spot by something even more depressing: close to half the country actually thinks he’s doing a good job.
I feel like the left is criminally out of touch with how half of the country thinks, and that’s a real problem.
I think most of the left still believes that this massive mistake was made, and that everyone hates Trump but it’s too late to do anything about it. So now we’re stuck with him.
But, as of today, 43% of the country isn’t stuck with anybody—they’re liking what they see.
Every once in a while I hear something he’s doing that I agree with, which is usually around breaking up some horribly maligned system that has been impotent and corrupt for years or decades. Trade with China is one. Can’t remember any others.
But most everything I hear from him generates physical wincing, like I just swallowed a mouthful of rotten meat that I know is going to make me sick for days. The budget where he cuts a whole bunch of things that have very little cost, and adds to the one thing where we’re spending too much. The inability to act like a human, let alone a U.S. representative, when talking to foreign leaders. The healthcare move.
What he’s doing reads to me as 10% positive, “shake it all up” vibe, mixed with 90% botched and horrible.
Oh, and the conflicts of corrupted interest.
Anyway, that was a tangent. My point is that the real problem isn’t Trump. The real problem is that half the country thinks he’s doing a good job.
Like I said before, “It’s the people, stupid.”
March 16, 2017
What Evolution Can Teach Us About Climate Change
Lots of regular, educated people are incensed about the fact that Republicans reject man-made climate change.
The biggest frustration is that their opinions seem immune to evidence, and yet the solution seems to be presenting even more.
It doesn’t work.
But there’s a precedent here that tells us everything we need to know: Republicans don’t even believe in evolution.
As the chart above shows, 48% of Republicans in 2013 believed that,
Humans and other living things have existed in their present form since the beginning of time.
I suspect those numbers are higher in 2017 than they were then.
Climate science is hard. It’s complex. And frankly, scientists are not doing a good job at all of making their case in a clear and simple way.
But evolution?
Evolution is the standard for rock-solid theories as judged by unbelievable amounts of evidence that continue to corroborate the only possible explanation for our observations.
It’s simply obvious to anyone with an open mind and an education. But half of Republicans reject it.
My explanation is this:
1. They’re not open-minded.
2. They’re not educated on the science (because they’re not open-minded).
3. They know evolution is the liberal explanation, and they don’t want to agree with liberals because it means possibly endorsing their worldview as well.
4. It goes against the Bible.
Number 3 is a big one. There are tons of studies showing that people don’t accept evidence when the implications of accepting it would lead to policy they don’t want.
Liberals have this problem with evidence that having more guns doesn’t necessarily lead to more gun violence. They reject these numbers because they don’t want more guns. Conservatives have this problem with evolution and climate change because they think a consensus will lead to changes in schools, more taxes, more government control, etc.
Summary
The main point is this: if we can’t get half of Republicans to accept evolution—which is clear fact at this point—then there’s virtually zero chance of getting those same people to accept something with a worse narrative and far more political implications.
Additional evidence is not effective in convincing people who have an ideological reason to reject that evidence.
March 15, 2017
Rural America Conflated Two Separate Issues
I was talking to my friend Mark the other day about the election and stumbled upon a realization.
There are two primary forces that pushed most of rural, white America to vote for Trump.
The disappearance of blue-collar jobs.
Overzealous political correctness.
The loss of American Jobs
The jobs have gone away and aren’t coming back. This has nothing to do with politics—it’s simply progress. American manufacturing output hasn’t fallen—it’s actually increased. Only manufacturing jobs have fallen, and that’s on account of automation. Hiring more humans to do manufacturing work would hurt manufacturing, not help it. This is true because machines are simply more efficient.
This concept of progress being both a) inevitable, and b) bad for human workers is not something middle America understands. They seek an enemy to blame it on, which leads us to the next point.
Too much of a good thing
The far left has turned political correctness and outrage into a sport. They’ve taken something good and necessary and morphed it into an extremist spectacle, and middle America cannot stand it.
What happened should have been expected: rural America combined these two things together, and assigned the blame for the first on the authors of the second.
Every single day they’re slapped in the face by a maligned version of political correctness, like 1,000 paper cuts, and at the same time they can’t find work.
It must be them.
I’m sure there are far deeper and more nuanced descriptions of what happened in the election, but I like abstraction to simplicity. They knew for sure that the liberals were responsible for one thing they hate (PC), they couldn’t find the cause of the second one (Job Loss), so they blamed them for both.
March 13, 2017
Unsupervised Learning: No. 69
This week’s topics: The Vault7 CIA dump, Russian shenanigans, Dahua, Verifone, mandatory genetic testing, WordPress, atomic storage, Google Kaggles, presenting at HouSecCon, fasting research, data wars, chaos, voice interfaces, tools, projects, and more…
This is Episode No. 69 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 15 to 30 minute summary.
The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well.
The show is released as a Podcast on iTunes, Overcast, Android, or RSS—and as a Newsletter which you can view and subscribe to here or read below.
Infosec news
Wikileaks released a massive dump of CIA files, now called Vault 7, to the public last week. The core of the content was information on various techniques the CIA could use to gain access to target systems, including Android, iOS, consumer routers, consumer Smart TVs, etc. The leak has spawned massive discussion on the internet about how new or old the exploits/attacks were, who the likely source of the leak was, whether Russia was involved, etc. The biggest misconception that came out of the whole thing was that they had hacked Signal and other secure messengers. They didn't. They hacked Android, which allowed them to steal the information before it got to Signal, et al. Anyway, my personal opinion is that this is most likely a continuation of the Russian campaign to discredit attacks on Trump, and thus to improve Russia's position in the world. Link
Russian espionage and Russian cybercrime appear to be more linked than most people thought. Evgeniy Bogachev is a known cybercrime player out of Russia, but he's also been implicated in a lot of the election-related activity from last year. He also appears to live quite comfortably within Russia, much like a prized asset as opposed to an unwanted criminal. Interesting analysis from the New York Times. Link
Verifone, the largest maker of credit card terminals used in the United States, is investigating a breach of internal networks that might have impacted numerous companies running its POS solutions. Verifone is saying that it was merely an internal network breach and that it didn't affect their payment system products. Link
Brian Krebs reported that Dahua, the second largest IoT manufacturer of things like security cameras and DVRs, just patched a major hole that allowed attackers to completely bypass authentication in some significant percentage of their devices. You could basically request the password list for any device, get a list of users and hashes back, and then send any of them in your own request to get access. Link
A House committee has proposed a law requiring employees to undergo genetic testing as part of workplace wellness programs, and will allow penalties of up to 30% of the cost of the insurance if they don't provide the data. Link
A major vulnerability was found in Apache Struts 2 web application framework last week, and scans were very active looking for vulnerable targets. The flaw was in the Jakarta multipart parser upload function, and it let an attacker send a malicious content-type value and execute arbitrary system commands. Make sure you're patched. Link
WordPress issued a new release (4.7.3) to address six vulns, including some XSS, a URL validation issue, file deletion, and a CSRF issue. Patch early, patch often. Link
Consumer Reports is adding cybersecurity to their list of rating criteria. The layout for the requirements looks pretty decent as well. Link
An Intel Security report says 93% of companies have security strategies, but only 49% are fully implementing them. I think 49% is quite high. Either they didn't respond truthfully or their strategies are really weak. If half of the companies I went to had a security strategy and were fully implementing it I'd be overjoyed. It ain't true. I'd put that number closer to 5%. Link
Cornell did some interesting research on mobile MAC address randomization. They claim they can defeat randomization on Android with 96% accuracy using one technique, and all main platforms leveraging a previous vulnerability. Link
CA bought Veracode for $614M. So let me get this right: Fortify is being sold to Micro Focus. WhiteHat is basically dead because all their talent left. And now Veracode has been sold to CA, which means we probably won't hear much from them anymore. Who's left? Checkmarx has to be loving this. Link
InfoSec Sales Engineers evidently make between $180K and $220K, making them higher paid than security engineers and cloud security engineers. It's evidently the need for a combination of skill sets, including technical skills, soft skills, and (although they didn't mention it) the willingness to travel and interact with customers constantly. Link
Technology news
IBM researchers have found a way to store data on a single atom. Link
IBM has over 600 employees working on the possibility of replacing bloated and unwieldy supply chain documentation with blockchain technology. Walmart and Maersk are among the companies who are interested. Link
Twitch, an Amazon company, has started rolling out a Twitter-like competitor called Pulse. It's not quite a Twitter clone, though, because it's really meant to just magnify Twitch content, so it ends up looking a lot like a combination of a push-based RSS system, a sharing platform for Twitch media, and a commenting system. Link
The head of the largest advertising firm says Amazon is a major threat to them. I think it's very smart for them to realize this. It's the Google for products, and Amazon is just scary good at almost everything they touch. Link
Google has purchased Kaggle, a company that hosts data science and machine learning competitions. Link
AT&T and T-Mobile are in the middle of a massive rate plan battle that is really making it nice for customers. They're especially focused on unlimited data plans. If you're a customer of either of these companies, and especially if you use your plan for tethering, consider going in to see if you can upgrade to a better / cheaper plan. Link
Human news
There's a bunch of new research on the benefits of fasting to the human body. This study talks about alternate day calorie restriction, where you eat far fewer calories one day, and then far more the next. It's early, but this appears to be some of the most promising research on weight loss and immune system health in a long time. Link
Researchers are finding increasingly interesting links between sleep, sunlight, and depression. Link
Children prefer reading books on paper rather than screens. Link
Deep Learning is helping hearing aid users pick out voices in crowded rooms. Link
Why Facts Don't Change Our Minds Link
Ideas
The Bifurcation of America: The Forced Class Separation into Alphas and Betas Link
First and Second Order Chaos Link
A Response to Benedict Evans on the Limitations of Voice Interfaces Link
Voice Interfaces Are a Combination of Voice Recognition and NLP Link
Discovery
Why the Future Doesn't Need Us. One of the first essays I ever read on the topic of future technologies and how they might affect humanity. It's from 2000 and written by Bill Joy. Highly recommended. Link
AuthMatrix — A Burp extension that provides a simple way to test authorization in web applications and services. Link
How to permanently update Burp's attack strings by editing the .jar file. Link
An interesting little visualization of different infosec career jump points. Link
MobSF — A mobile security testing framework. Link
Gartner's AppSec Magic Quadrant Analysis. Link
Bloodhound — Uses graph theory to reveal hidden and often unintended relationships within an Active Directory environment. Link
Fascinating relationship analysis around Trump, his associates, and Russia. Link
Some fantastic analysis by Robert Graham on the CIA leak. Link
A quiz to learn about your personal circadian rhythm. Link
An in-depth study of over 10 years of Java exploitation. Link
RAND has released a fascinating study on 0-day and exploit data and how much harm is caused by various entities sitting on them vs. releasing them. Link
Bash Bunny — Hak5's latest pentest tool. It emulates trusted USB interfaces like ethernet, serial, flash storage and keyboards, etc., and as a result it receives tons of sensitive data from the system. Link
How online gamers use malware to cheat. Particularly interesting to me since I'm currently working on a game security project. Link
System Design Primer — Learn how to design large scale systems. Prep for a system design interview. Link
Notes
I'll be presenting at HouSecCon with my buddy Jason Haddix on the 23rd of this month. The presentation is on The Game Security Framework, and we're going to be talking all about the project's structure, the data we have so far, and where we're taking it. Link
Getting closer on my OSINT primer. I have onsite customer work next week, but I'm hoping to still finish it within a week or so.
I'm almost done with Sapiens and I'm moving on to Homo Deus, by the same author. By the way, it's Deus (as in the second version of humans), which makes more sense than what I mentioned in the podcast last week.
I finally removed the single ad I had on my website and moved to a sponsorship model. The site is currently sponsored by Netsparker, a strong web application scanner I've used off and on for many years. It's nice to not have an ad network (JavaScript) running on the site anymore, even though the one I used wasn't bad at all. Now it's just text and a link—super clean. If you need a good web scanner, head over to my site's sidebar.
Recommendations
Remember to focus on your Eulogy attributes, and not just your Resume attributes. If you were to die tomorrow, and your eulogy were next week, what would people say about you? Are they the things that you would want them to say? Take the actions that would make that the case.
Aphorism
"Extraordinary claims require extraordinary evidence." ~ Christopher Hitchens
Thank you for listening, and if you enjoy the show please share it with a friend or on social media.
March 11, 2017
The Bifurcation of America: The Forced Class Separation into Alphas and Betas
There is something monumental and transformative happening in the United States that very few people are even aware of. It’s been written and talked about for decades, but the conversation is always so academic that it never reaches those who need to hear it most.
Our country is in the process of being ripped into two distinct classes—The Alpha Class and the Beta Class.
I use these names on purpose because they sound classist. They sound as if they imply superiority and inferiority. They sound judgmental. As someone born and raised in the SF Bay Area, they sound offensive. And that’s a good thing; I’ve grown tired of sneaky euphemisms for the extraordinary restructuring of society that’s happening all around us.
The lie we’ve been told
Tens, or maybe hundreds of millions of people in this country believe a horrible lie that goes something like this:
You can get ahead by working hard even if you’re not exceptional. Get a high school diploma. Get a college degree. The degree doesn’t really matter—there’s work out there for you. You won’t be rich, but you’ll have a good life. You’ll be part of the “middle class”, and you’ll have a happy family, time off, sick time, vacations, and you’ll grow old and have a decent retirement.
It’s a filthy fucking lie, and people who believe it are walking themselves (and their children) right into a wood chipper.
Alphas and Betas
The reality is that there are two classes: The Alphas and the Betas. If you don’t know which you’re in, you’re probably a Beta. Here’s how they break down.
The Alpha Class
Members of the Alpha Class are smart, lucky, social, have rich/connected families, or are otherwise imbued with genetic or environmental gifts (another form of luck) that helped them succeed. Most went to a four-year college (at least). Most have good self-discipline.
Most come from good families that insisted on both the discipline and the college. Others are exceptionally bright or talented and succeeded due to a combination of luck and hard work. Whatever the combination of factors, Alphas command salaries of at least $120,000 per year.
Alphas live the lives that America promised. They tend to have one main, high-paying job, although they may do other jobs for fun and/or extra income. They have health insurance. They have sick time. They have some level of control over the type of work they do, and how they execute that work.
Alphas are free to consume the best in life. They enjoy the cinema. They buy electronics. They buy brand name clothing and accessories. They lease vehicles, because they only keep them for a few years anyway. They have good credit. They can get a loan whenever they want to. They have a retirement strategy.
The Beta Class
Members of the Beta Class are less intelligent, less lucky, less social, come from poor and/or uneducated families, or are otherwise lacking genetic or environmental gifts (another form of luck) that would have helped them succeed. Most did not attend a four year college, and many lack self-discipline because they did not come from good families that insisted on both of these.
Others are simply not very smart and cannot adjust to the constantly changing environment at work or in life in general. Whatever the combination of factors, Betas make less than $75,000 and often no more than $40,000 per year.
Betas live in a world of struggle. They either don’t work (a massive number of Americans not only don’t have a job but aren’t even looking), have a single, low-paying job, or they have many low-paying jobs because they’re extremely hard working. They tend not to have good health insurance, if they have it at all. They have very little sick time, or couldn’t afford to use it if they had it. They have very little control over the work they perform, and are frequently treated horribly by management at work, e.g., being given just enough hours to not qualify for benefits.
Betas enjoy very little in life. They can’t afford to spend money on restaurants, movies, and other entertainment. They can’t buy the latest and greatest gadgets on TV. They buy second-hand and off-brand clothing. They buy used vehicles because they don’t have the credit to get into a lease. Getting a loan is a nightmare, unless it’s at the local check cashing establishment. They have little or no savings or retirement.
Rejecting the lie and embracing reality
So with that brief and imperfect introduction to the two remaining classes in America, allow me to relay some difficult truth.
If you are in high school and you don’t yet have plans for your future, you’re about to enter the Beta Class.
If you are raising children and you haven’t prepared them with a college education, they are about to enter the Beta Class.
If you are in high school and “just kind of hoping things will work out”, you’re about to enter the Beta Class.
Essentially, if you’re not actively defending against being part of the Beta Class, then that’s where you’re going.
TABLE 1. — Alpha numbers shrinking in coming years.
My prediction is that the number of people in the Alpha Class will continue to shrink in coming years as the middle is completely destroyed, leaving everyone else in the Beta Class. Beta is the new default, in other words, and Alpha is something you hope to achieve through some combination of preparation, hard work, and luck.
Waking up
I’m going to state the severity of this problem as clearly as possible:
Alphas are those who enjoy American society, and Betas are those who support them doing so.
Alphas regularly eat in restaurants. Betas serve them food and wash their dishes.
Alphas drive expensive cars. Betas wash and service those cars.
Alphas buy expensive merchandise online. Betas answer the phones when they have problems.
Alphas have passports and travel the world. Betas work in airports and drive them to their destinations.
I hope you’re as sickened by reading that as I was by writing it. Get mad. Feel something. Wake the fuck up. Tell everyone you care about. This is happening, right now, all around us.
So, what can we do? I have a few recommendations:
Focus on what you can do to get ready. Vote, become a protester, enter politics, whatever. But don’t confuse those actions with preparing you and your loved ones for the world that is already here and that’s quickly becoming more severe.
Take the evil out of it. You can burn a lot of energy focusing on this group or that group that’s responsible because “they’re evil and they want to destroy America”. It’s a lot of bullshit. The number of historical, economic, and social factors leading to this reality is unbelievably massive, and it’s most definitely not because of the damn Liberals or the damn Republicans. Remove the emotion and focus on action.
Spread this message. It’s not enough to get this yourself. Help others realize that, no, it’s not “just going to work out”. Let them know that the default state is Beta, and that it won’t be pleasant.
I truly hope this essay helps someone see what’s coming—especially those who are bringing new lives into this world.
Notes
I do information security for a living, so take this for what it is—a potentially useful mental model for evaluating the world and how best to live in it. The numbers and estimates are just that—estimates—based on little more than lots of reading and thinking by a semi-intelligent, non social scientist / historian. This is not a theory, and it’s not data. It’s an idea with numbers.
I mention America specifically because I live here and know it best, but this is actually a global phenomenon. Some countries with high social and income equality will maintain a third, middle-ish class because of this, but I haven’t any idea how long that will last.
I obviously have no idea exactly what the exact Alpha/Beta numbers are, or the exact year that they’ll reach a particular number. It all depends on a) how you classify Alpha and Beta, and b) data from the real world that determines how many people are in each. Neither of those is easy to capture. My argument is simply that the numbers are useful at the level of accuracy they have. But if you have a good argument that they should be higher or lower, I’d love to hear about it.
Some of the books and articles I’ve read that have informed my opinion on this include: Sleeping Giant, numerous articles by Yuval Noah Harari, Why the Future Doesn’t Need Us, Humans Need Not Apply, and dozens of other similar pieces.
You’ll notice there’s a big gap between the $75,000 and $120,000 salaries I mention here. This is for a couple of reasons, but the biggest one is that I think there are about to be far fewer mid-level positions and salaries. More and more people will either go up or down, and most will go down.
I tried to make this very clear in the text, but if you know any of my views on free will you’ll know that I place no specialness on Alphas, or judgement on Betas. I believe it’s *all* a matter of luck, including the go-to explanation from conservatives of “hard work”. Where do you think you got that work ethic from? It was either genetic or it came from your environment, and neither of those were up to you. So I see all of this as a description of reality, not a judgement of those in it.
There are obviously some remnants of a middle class that makes little money, isn’t college educated, etc., but that still has savings and a retirement. But it’s a dying class that’s being replaced by the two above.
There are many different types of people who make less than $75,000 per year, and some of these descriptions apply to one group and not another. In general terms, there is a working class that’s poor despite both parents working multiple jobs, there are people who are actively seeking and not finding work, there are those who were working but have now given up and live at home or with friends, and there are those who are simply taking as much as they can from the government, with no intention of working.
Before all my conservative friends complain, yes, I am aware that there is another class that is Beta on purpose. They take as much as possible, use government benefits to their advantage, etc. It’s a welfare class and it’s well documented. While it’s definitely true and a factor to some degree, the numbers are actually rather small compared to those who are not working but not receiving benefits, or those who are working but not making much money. So yes, it’s a real topic, and a problem to be solved, but not one that affects this model.
I’m getting the top 15% salary of $120,000 per year from here. That of course doesn’t mean it’s going to represent the Alpha Class permanently, but it’s a good start.
March 10, 2017
A Response to Benedict Evans on the Limitations of Voice Interfaces
Benedict Evans wrote a great piece about voice interfaces where he argues his position that voice interface isn’t quite the future of computer interface that we think it is.
He mentions a few constraints.
Given that you cannot answer any question, there is a second scaling problem – does the user know what they can ask? I suspect that the ideal number of functions for a voice UI actually follows a U-shaped curve: one command is great and ten is probably OK, but 50 or 100 is terrible, because you still can’t ask anything but can’t remember what you can ask. The other end of the curve comes as you get closer and closer to a system that really can answer anything, but, again, that would be ‘general AI’.
The interesting implication here is that though with enough money and enough developers you might be able to build a system that can answer hundreds or thousands of different queries, this could actually be counterproductive.
Here he’s basically saying that the axe has a blade for a handle—the more work you get done (by adding more and more commands), the more damage you do to your hands (because nobody will be able to remember those commands).
There’s a set of contradictions here, I think. Voice UIs look, conceptually, like much more unrestricted and general purpose interfaces than a smartphone, but they’re actually narrower and more single-purpose. They look like less friction than pulling out your phone, unlocking it, loading an app and so on, and they are – but only if you’ve shifted your mental model.
This is where I think he’s wrong. It’s not a matter of “if” we shift our mental models; it’s a matter of when.
As he talks about elsewhere in the piece, Google and others are working on populating their systems with hundreds or thousands of the most common commands, and ensuring that the responses to these are rewarding and useful.
That’s all that needs to happen. Alexa has a small number of commands it can do, but it can do them really well. And when it fails, it fails gracefully.
Siri is the opposite. It makes you feel like you can say anything, but half the time she doesn’t understand you, and the other half she does something stupid even when she does. This hurts people’s confidence in the voice interface, and keeps it from becoming their default.
Minimum viable confidence
There is a confidence number—let’s call it 90%—where people will use voice for most things by default. Alexa is nailing the execution, but lacks the depth. Siri is lacking on both. So let’s say we’re somewhere around a 60% right now on this confidence score.
All it will take to hit that magic 90% is one or more companies to use the Alexa approach and competently solve the top n number of most common queries. And like Benedict said, it’s already being worked on.
Humans are relatively static animals, so the number of scenarios we’re talking about is relatively small. I have no idea the actual number, and I’m not sure anyone does, but I’m guessing it’s several hundred to a few thousand.
Once we hit that number—with Alexa-level quality—we will also hit the 90% confidence level that people have with voice interfaces, and it will then become a default for most daily tasks.
It’s true that some tasks don’t work well without a visual component that allows you to quickly scan lots of data and make a selection. Benedict gives the excellent example here of booking a flight. But I have a few counters for this point.
Most day-to-day activities that you could use your assistant for aren’t in this category.
There will be workarounds for this, such as detecting whether you have a display available and failing gracefully when that’s the case.
Using machine learning to make intelligent guesses about what you would have chosen if you’d had the visual interface.
Having a hybrid voice/display interaction available for when displays are available that make voice even more attractive. Gesture and eye-tracking tech will enhance this even further.
It’s only day zero
Finally, I think the most important thing he’s missing is the absolute Day Zero nature of our current offerings. Alexa wasn’t in homes three years ago. Five years ago, facial recognition and Go and Poker were untouchable by computers, and it was assumed that this would last for decades (or forever).
That was basically yesterday.
So it seems extraordinarily likely to me that mapping the top n number of daily human task requests—and reaching the “minimum viable confidence level” in voice interfaces—will happen within the next five years.
That is to say that people with Alexa-like devices (and perhaps their mobile devices as well) will have made the transition to voice-first as their default method of interacting with those systems, and that pushing and poking will be considered a fallback position when in a home setting.
We don’t need to solve every problem. We only need good enough. It’s a one or zero—we’ve hit the magic confidence requirement or not. And if we had Alexa-level responses to most everything we need during the day, that would get us there.
I take all Benedict’s points, but I think we’re so early in the game that we’ll find ways to address them using various techniques. I think voice becomes a natural and default interface for home-based computers within five years, and that mobile will come soon after.
Notes
There is an interesting facet of this that will keep mobile push-and-poke for far longer: solitary mobile browsing probably makes up some massive percentage of total computing time. People sitting on a subway train aren’t going to be using voice. They’ll be pushing and poking just like they have been. So it’ll be interesting to see how people manage both paradigms in their minds, i.e., voice for issuing commands at home and while alone on mobile, but still manually swiping and typing when looking at Facebook, Reddit, and others at work, in line at the market, etc.
I’m also not sure the Uncanny Valley analogy works well here. To me that would apply if the responses returned by a voice interface were almost right, but not quite, and the effect produced an uncomfortable sensation in the user. An example might be giving back a perfect set of words, but with the wrong tone. Or saying something formal while using informal language. It’s basically a near-perfect execution that makes it worse because it’s so close but not quite. So I don’t think the issue of not remembering what commands to use would apply there.
__
I do a weekly show called Unsupervised Learning, where I collect the most interesting stories in infosec, technology, and humans, and talk about why they matter. You can subscribe here.
First and Second Order Chaos
I was just reading Sapiens, by Yuval Noah Harari, and he mentioned something interesting about chaos.
There are two main classifications of chaos.
First Order Chaos doesn’t respond to prediction. The example he gave is the weather. If you predict the weather to some level of accuracy, that prediction will hold, because the weather doesn’t adjust based on the prediction itself.
Second Order Chaos is infinitely less predictable because it does respond to prediction. Examples include things like stocks and politics.
Basically, the first kind you can apply science to and end up with predictable behavior (within limits) even if the phenomenon is chaotic. But the second type is extremely resistant to this when the results of the predictions are available to others to respond to.
I think it’s super interesting, and useful, to recognize the difference between these two types of unpredictability.
Notes
Image from worldofpiggly.