Daniel Miessler's Blog, page 36

May 2, 2022

News & Analysis: NO. 329

Published on May 02, 2022 07:16

Why I’m Not Worried About Elon Musk Buying Twitter


I’m evidently in the minority, but my first reaction to Elon Musk buying Twitter was a positive one.

I could be wrong because I don’t know what they’ve watched.

And I think I know why there’s a disconnect between me and many of my tech-peers on Twitter. In short, I’m watching a lot of what Elon actually says, and my feeling is that many on Twitter are reacting to what they think he’s said. I could be wrong about that, but I don’t think I am.

At least in my own anecdotal experience, I don’t find much overlap between people who actually follow and (mostly) like Elon, and people who think he’s a horrible menace to society that shouldn’t be allowed anywhere near Twitter.

Very little overlap.

I know tons of people who hate him, but they tend not to watch his talks or his interviews. They have formed their opinions based—in my view—on other peoples’ opinions. Conversely, I know tons of people who follow his interviews and his talks, and I don’t know any of them who think he’s a true menace to society.

That said, I do think he’s a bit loose sometimes, and a bit eccentric, and a bit irresponsible, and a bit petty. And these can combine into something downright undesirable at times. Agreed.

But let me tell you why I don’t immediately cringe when I hear he’s buying Twitter. Here’s a quote from his interview at TED on April 14th:

I just think it’s important to the function of democracy. It’s important to the function of the United States as a free country, and to help freedom in the world, more broadly than the US. I think there’s civilizational risk is reduced the more we can increase the trust of Twitter as a public platform.


He goes on to say:


I could technically afford it, but this is not sort of a way to make money. My intuitive sense is that having a public platform that is maximally trusted and broadly inclusive is extremely important to human civilization, and I don’t care about the economics at all.


Now, you hear something like that, and you might be inclined to call bullshit. It’s a fair response in most cases, but Elon Musk is not most cases.

* He doesn’t collect material things

* He doesn’t own yachts

* He doesn’t own large homes

* He stays with family and friends when he travels

* He single-handedly moved the automotive industry to electric vehicles

* He single-handedly reinvented space travel

When you take all those together, and you hear that same man say he’s not doing this for the money but because he thinks it’s important for society, I think we should believe him.

That doesn’t mean he doesn’t need to work on his shit. He should definitely be more cautious with how he critiques things and makes random comments.

But when you have someone contributing so significantly to human civilization, we should expect some eccentricity. And no, that doesn’t mean he gets a pass. He doesn’t get a pass. I’m saying we should expect some kind of strange behavior. Often that’s the desire to hoard wealth and power and a military for the purposes of world domination. I’ll happily take cannabis jokes and a public adversarial relationship with the SEC over that.

This guy is a humanitarian nerd who’s literally trying to help our species the best way he can.

That’s my read of the situation. For now, anyway. And future behavior could easily convince me he’s doing more harm than good. But for now—on the ledger of human benefit vs. harm—I think he’s squarely in the green.

Published on May 02, 2022 06:44

April 25, 2022

News & Analysis: NO. 328

Published on April 25, 2022 09:29

April 24, 2022

Disappointed in Scott Galloway


I’m a fan of Scott Galloway. I’ve been following him since a few years before the pandemic. He’s super smart, he’s entertaining, and best of all he’s self-aware and vulnerable while doing so. 

But lately I’ve been getting a bad vibe. It’s been building up actually, over several months, but his analysis of the whole Elon Musk and Twitter thing has bothered me a lot. He’s basically ranting two things: 1) there’s no way he could actually buy Twitter, and 2) there’s no way he could be trying to do something good in attempting to do so.

I don’t know much about the financials of buying multi-billion-dollar companies, so I leave that kind of analysis to people like Scott. It appears that, just like with Tesla stock, he was wrong. But much worse in my account was him being wrong about motivation. If you watch what Elon has actually said about why he might want to buy Twitter, and you actually listen to his answers, one thing becomes clear. He cares about the quality of conversation in the world.

That’s it. That’s the whole play. He said he doesn’t care about the economics of it, and he said he isn’t exactly sure what to do, but he wants to get involved to help. This is coming from someone who single-handedly made electric cars mainstream, who changed space exploration, and who’s now looking to revolutionize terrestrial travel by using underground tunnels.

Is Elon sometimes an asshole? Or a troll? Sure. And can he be wrong? Of course. But Scott seems to be making the mistake of assuming bad faith when the evidence is there to realize the opposite. And that on top of his other massive analysis mistakes is starting to make me question his judgment.

I’m fine with Scott being wrong. And even being wrong a lot. As long as he’s mostly right. And as long as he’s almost always right about the important things. And I consider the impugning of someone’s character and intentions to be one of those important things.

Scott. You’re awesome. Please clean this up.

Published on April 24, 2022 22:23

April 22, 2022

Removing ^M Characters

You’re here because you have something like the above in your text files, and it’s driving you towards violence.

The universe sent you here so I can help you. You’re welcome.

The prescribed fix is this:

sed -e 's/^M//'

If that worked you wouldn’t be here. The actual fix is this:

tr -d '\r'

Bonus on this one: it actually works!

Now fix your file and go get some air.

Notes

From Vim you can do the following as an ex command to get the same result within a file: :%!tr -d '\r'
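The trap the post describes, shown on a constructed CRLF sample as an added example (not the author's code): the usual sed one-liner, typed as a caret followed by an M, anchors on "M at the start of a line" and never touches the carriage-return byte, while tr -d '\r' removes it. Assumes a POSIX sh with printf, sed, tr, wc, od and mktemp.

```shell
# Added example, not from the original post. Assumes a POSIX sh with
# printf, sed, tr, wc, od and mktemp available.

# Count carriage-return bytes on stdin; 0 means the input is already clean.
count_cr() {
    tr -cd '\r' | wc -c | tr -d ' '
}

# The fix the post recommends: delete every CR byte from stdin.
strip_cr() {
    tr -d '\r'
}

# The "prescribed" sed fix as it is usually typed. The pattern is the two
# characters caret and M, which sed reads as "an M at the start of a line",
# not as the carriage-return byte, so CRLF input passes through unchanged.
sed_literal_caret_m() {
    sed -e 's/^M//'
}

# Fix a file in place via a temp file, then copy back over the original so
# the file's permissions and ownership are preserved (mv would replace them).
fix_file() {
    tmp=$(mktemp) || return 1
    strip_cr < "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample: three lines with Windows-style CRLF line endings.
make_sample() {
    printf 'line one\r\nline two\r\nline three\r\n'
}

demo() {
    printf 'CRs in sample:      %s\n' "$(make_sample | count_cr)"
    printf 'CRs after sed ^M:   %s\n' "$(make_sample | sed_literal_caret_m | count_cr)"
    printf 'CRs after tr -d:    %s\n' "$(make_sample | strip_cr | count_cr)"
    # od shows the bytes, so you can see \r gone and \n kept.
    make_sample | strip_cr | od -c | head -n 2
}

demo
```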
Published on April 22, 2022 19:03

April 18, 2022

News & Analysis | NO. 327

Exploring the intersection of security, technology, and society—and thinking about what might be coming next. 20+ hours of reading and analysis condensed into a 10-minute summary every Monday morning.


SECURITY NEWS

Finland and Sweden are set to join NATO as quickly as this summer, despite severe warnings from Russia. “Russia is not the neighbor we thought it was.” More

The US says it was North Korea’s Lazarus group that hacked Axie Infinity for $625 million. Lazarus is known for hacking Sony Pictures back in 2014. More

Senior European Commission officials were targeted with Israeli-made NSO spyware last year, according to EU officials who provided documentation to Reuters. They learned about being targeted after receiving a notification from Apple. The development will likely add significantly more pressure on NSO Group and Israel to rein in the distribution of their software. More

Sponsor

A Live Walkthrough of the Axonius Platform

We invite you to join us for a 20-minute walkthrough of the Axonius Cybersecurity Asset Management and SaaS Management solutions, hosted on a monthly basis.

This live tour of the platform will explore different use cases and have questions about Axonius answered live and on the air. Axonius allows organizations to:

* Understand your assets – make your asset inventory easy and accurate

* Discover coverage gaps and risks – easily identify security coverage gaps and misconfigurations with custom queries

* Enforce security policies – don’t just find problems, but fix them as they are identified


A new study found that popular remote conferencing apps don’t stop sending your audio data to the server when you hit mute. In other words, mute might not be mute the way you imagine. This might be disturbing to some, but there’s a new feature that many apps have that detects if you’re trying to speak on mute, which requires that they receive your audio to know this. I think this study is a bit overblown, and that it’s best practice to assume everyone can hear you. More

The US says Russia’s Black Sea Flagship, the Moskva, was hit by missiles before sinking. This corroborates the Ukrainian narrative that they were the ones to sink it. Russia says there was an accidental fire on the ship. More

Vulnerabilities:

* Google Chrome | Detected in Wild More

* Cisco Wireless LAN Controller | Critical More

* Citrix Multiple Products | High Severity More

* Juniper Networks | Control of Affected Systems More

Companies:

* Obsidian Security raises $90 million to detect and fix SaaS security risks. More

TECHNOLOGY NEWS

Elon Musk tried to buy Twitter for $43 billion, and was rejected. And then he joined and left the board within the span of a day, and sent a slew of tweets about the situation. He claims he’s doing it to protect free speech, but it’s not clear how that would work exactly, even if he could buy the company. More | My Quick Take

It’s now possible to use Lambda functions without an Application Load Balancer. The new AWS feature is called Lambda Function URLs, and they allow you to hit Lambda functions directly over HTTPS. Yan Cui from Lumigo has a great write-up on it. More | by Yan Cui

Pokémon Go’s Niantic is making a new AR game called Peridot. It’s a world full of adorable creatures, similar to Pokémon, but the creatures are their own IP instead of belonging to a massive, pre-existing brand. Similar to the previous game, gameplay revolves around caring for and breeding creatures. More

Zuckerberg wants to launch their AR glasses and have “an iPhone moment”, but they’re not looking to have them ready until 2024. That’s basically 11 years from now. More

It’s looking like Ethereum’s switch to proof-of-stake will come this fall instead of this summer. More

Robinhood added multiple new coins to its list of crypto options, including SHIBA, SOL, and MATIC. More

Observe.ai has raised $125 million to bring AI to “contact centers”, which I presume is a euphemism for customer service centers, which is a term that’s associated with human jobs. This company does clearly place itself as AI supplementation rather than replacement, because it is monitoring software vs. automated agent software. But I don’t know many that come out saying they’re looking to replace human workers. In other news, my partner got her nails done by a robot on Friday. More

HUMAN NEWS

Around 40% of China’s GDP is currently under some form of government lockdown due to Covid, and many in the country are vocally pushing back on the government policy and implementation. One such policy is evicting people from their apartments so they can turn the complex into temporary quarantine facilities. Multiple videos have emerged of people angrily screaming at white-uniformed authorities as they physically enforce the protocols. China initially got a good amount of positive press around how efficiently they dealt with the first rounds of Covid, but this time the cameras are recording and the rest of the world is watching. More | More

New findings indicate that psilocybin frees up the brain and allows increased connection, resulting in improved mood for significant periods of time after usage. Early findings indicate that psilocybin might be able to do in a few treatments what anti-depressants do when taken daily. More

CONTENT, IDEAS & ANALYSIS

A Quick Thought on Musk Buying Twitter More

Disappearing Tools — I voiced my concerns on Twitter that the Project Discovery recon/security tools are so good that I’m worried about them disappearing from the internet. I have some contacts that say this won’t ever happen, but I still worry. It does make me thankful for open source, though, since many thousands of people have downloaded and forked these (and other similar) tools. More | More

China’s Visible Crackdowns — As a Westerner who enjoys the fruit of democracy, I’m hopeful that the economic crackdowns against tech companies in China, now combined with their callous enforcement of what they’re calling Zero Covid, will cause significant portions of freedom-leaning Chinese creatives to leave the country permanently. It’s a difficult calculus for China. They believe they’re doing the right thing for the country, in both cases, but they do face the risk of having significant portions of their population wake up one day and choose imperfect freedom over an imperfect CCP. I hope they do. Not so China can fail, but so they can move to a more healthy hybrid between what they have and what we have in the West. More

NOTES

Had another long, in-person friend hangout with Clint Gibler this weekend, and I’m thankful that such things are becoming possible again. Clint is a wonderful friend and nobody should miss his TLDRSec newsletter.

I now have a functioning weather station in my backyard. Solar-powered. Rain, temperature, humidity, and wind direction/speed. I went with the Ambient Weather WS-2902C, which was an affordable entry into the space. More


I am also getting back into radio, which today means SDR. For that one I went with the Flexradio 6400, which was not an affordable entry into the space. I’m really looking forward to having a massive interface on my computer, which is paired with the SDR and antenna that sits elsewhere, and listening to all kinds of goodness from around the Bay Area. Also thinking about this console as well, but it seems excessive. More | More

DISCOVERY

Jason Haddix has relaunched his blog! If you’re not subscribed you’re missing out on the best recon and OSINT content out there! More | More

Jason and STÖK were on STÖK’s Bounty Thursdays show, and this episode was all about Content Discovery. It was a phenomenal episode, which also featured another great security pro named KUGG, and if you’re into Bounty or Recon at all you have to check out this episode and the show in general. More | More

John Oliver did a great segment on Data Brokers and surveillance capitalism. More

Semgrep rules for auditing smart contracts. More

Nuclear weapons are not as destructive as you think. More

A video on the over-engineering of Japanese mechanical pencils. NSFW if you love pencils/pens/writing utensils. More

How to Write More Clearly, Think More Clearly, and Learn Complex Material More

CNN+ seems to be in serious trouble after its launch, with only around 10,000 daily viewers. As a point of reference, that’s about what my site gets, and they spent a couple hundred million to launch the site. More

Overheard in Silicon Valley — “Only Americans, dictators, and socialists talk about how America sucks; everyone else talks about either how dominant it is or how to move there.”

Actuarial Life Table More

Watch People Do The Thing More

CertRSS — A list of RSS feeds for government CERTS. More

Shubs with some insightful comments on doing offensive code reviews. More

RECOMMENDATION

Add a biography to your reading list. They not only teach you a lot about an interesting person, but they also tend to give you a great history lesson in the process. Two recommendations:

1. The Mind At Play: How Claude Shannon Invented the Information Age More

2. The Man from the Future: The Visionary Life of John von Neumann More

APHORISM

“The more we live by our intellect, the less we understand the meaning of life.”

— Tolstoy

Published on April 18, 2022 07:30

April 15, 2022

A Quick Thought on Musk Buying Twitter

My first thought on the whole discussion is that I’m not sure what Musk is arguing exactly.

If he is arguing that Twitter should be treated more like a public square where you can have center and right views be voiced without concern, then I get that. But I think there’s confusion there.

There are plenty of center and right people putting their views on Twitter. They’re not banned. They’re not kicked off the platform. Look at Shapiro. Owens. Carlson. As a few examples.

The problem isn’t Twitter doing something to them; the problem is the people on Twitter doing something to them.

You don’t solve a mob problem by buying the platform that the mob uses.

That’s my confusion with this approach.

I don’t see how him owning the platform, and having more influence over it, will solve the problem of people being outraged by ideas that make them uncomfortable.

You don’t make people respond better to Chapelle’s stand-up by buying the comedy club.

So is he worried about the state of our discourse, and what we consider to be acceptable speech? Or is he worried that Twitter is somehow making that problem worse? I think the problem is the first one, and I don’t see how buying Twitter does anything to fix it.

Notes

Image from https://breakinginthehabit.org/2017/09/22/against-a-mob-mentality/.
Published on April 15, 2022 09:58

April 11, 2022

News & Analysis | NO. 326

Published on April 11, 2022 07:45

April 4, 2022

News & Analysis | NO. 325


SECURITY NEWS

The FBI says Russian attackers are scanning and pose a current threat to US energy systems. More

Apple released fixes for two zero-days affecting Macs, iPhones, and iPads. They are critical CVEs that lead to code execution with kernel privileges. Update your devices immediately. More

There’s a critical RCE zero-day in the Java Spring Framework that can result in the complete takeover of a targeted system. Patch immediately. More

Sponsor

Vanta — Making Security Compliance Easier to Manage

There are so many compliance platforms on the market, yet not all are created equal. As the leader in compliance automation, we know exactly what features to look for when choosing an automated platform.

We’ve compiled a list of the biggest differentiators to check for – and we explain how each feature works in order to make your job more efficient as you go through the compliance process. Check out our guide to the 5 must-haves in an automated security platform. Download Vanta’s 5 Compliance Must-Haves

There’s also a critical RCE in Sophos Firewall which allows you to execute arbitrary code on the firewall. Sophos saw a few companies in South Asia being targeted with this attack and let them know directly. More

Ukraine’s Defense Ministry’s Directorate of Intelligence leaked personal data for 620 alleged Russian FSB agents.

A leak from a Russian food delivery app (Yandex Food) shows the dining habits of Russia’s secret police. Yandex said the leak came from an internal employee and includes data on around 58,000 users. Bellingcat got a hold of the leaked data and was able to find GRU phone numbers, other officials associated with the Russian government, and then further link that data to addresses that confirmed their identities. More

Anonymous says they’ve leaked 15 GB of data on the Russian Orthodox Church’s charitable wing. More


TECHNOLOGY NEWS

The train system in the Netherlands had an IT outage which shut down the entire train system. “It is unfortunately not possible to run any trains today.” More | More


HUMAN NEWS

The US economy added 431,000 jobs in March, bringing the unemployment rate down to 3.6%. More

It looks like the supply chain issues might get a lot worse. Before it was Covid, and now it’s another outbreak in China combined with the war in Ukraine. More than a million containers used to go from Europe to China by train through Russia, and now they’re being rerouted by sea, and over 120 container vessels are stuck in Shanghai due to Covid. Everstream Analytics says these events will have effects similar to the Suez Canal blockage problem in 2021. More

Hubble found the most distant star ever seen at 12.9 billion light-years away, and it’s been named Earendel (from Tolkien). It’s at least 50 times the mass of the sun and at least a million times brighter. The coolest part of this is that we wouldn’t have been able to see it at all if it weren’t for a massive galaxy cluster that served as a gravity-based magnifying glass. More | Video

The human genome has now been mapped completely. You might have thought we did that already, but the last 8% or so took a very long time. A lot of that was what was called Junk DNA comprised of 151 base pairs of sequence data. More

A new study in Nature shows that Covid spike proteins create cognitive decline and anxiety in mice. More

In a new study in The New England Journal of Medicine, and the largest study of its kind, Ivermectin has been shown to be completely ineffective against Covid. More


CONTENT, IDEAS & ANALYSIS

A Custom Contact Sharing System — I created a custom personal contact sharing system for giving out my phone number, email address, and contact photo via vCard when I meet someone new. More

My Gaming Idea (2006) — I just remembered a gaming idea I had back in 2006 that reminds me a lot of what we’re now calling metaverse. It’s a pretty fun read. It also reminded me that I printed out multiple copies of this post and mailed it to my friends as copyright. Hilarious. More

Thinking About the Future of InfoSec (v2022) — A look at how I see InfoSec unfolding in coming decades, broken down by org structure, technology, regulation, insurance, automation/AI, and other factors. More

Remote at the Office — Employees are returning to the office just to sit on Zoom calls. I think what companies (and employees) are about to figure out is that going to the office works best in hyper-local scenarios like we had in the 50’s. That means a company where you have a physical office and the vast majority of its employees physically work in that office. Not only that, but they don’t interact much with people who don’t work in that location. This means if you have multiple branches where people collaborate cross-branch, or you want to hire better people by including remote workers, you instantly lose the legacy value of going into the office. It’s still cool to go to a local office every once in a while, if you happen to have a colleague there that you can get a beer with or whatever, but fewer and fewer companies are going to have an onsite advantage simply because there are multiple branches or too many remote workers. This means anywhere you go into an office you’ll still be on Zoom calls, so you might as well stay at home. More


NOTES

I’m psyched about these new Schlage smart door locks. They’re one of the first locks that use the Home Key feature within the Apple ecosystem, which is NFC-based lock functionality. So you can walk up to your lock and just swipe with your phone or your watch—even without re-authenticating to the phone (if you have Express mode enabled). More

Good News: My podcast surpassed 1 million downloads! Bad News: Those are my all-time stats, not my monthly stats like Making Sense and My First Million. More
 
DISCOVERY

A Collection of Pentest Contracts and NDAs for Freelancers More

The Secrets of Lasting Friendships More

The Jokes That Have Made People Laugh for Thousands of Years More

“I would like to be paid like a plumber.” More

Learn About Concept Maps — This is what I’ve been looking to do with my Concepts page forever, and it’s the reason I’m so excited about moving my PKM to Obsidian. More

The Ultimate Personal Security Checklist More

The Tech Interview Prep Industry More

Dual 75″ 4K TV Floor Computing More

[ RECON ] ReconFTW — A recon automation system that focuses heavily on subdomain enumeration before heading into vulnerability assessment. More

[ CI/CD ] Dagger — A Lego-like DevKit for building powerful, repeatable, and portable CI/CD pipelines. More | Project
 
RECOMMENDATION

If you’ve ever thought about getting into Solar for your house, now might be the time. I recently priced 4.8kWh worth of solar panels, plus a Tesla Powerwall battery, at around $21,000. Depending on your house (and how much sun you get) that can get you between 50% and 100% of your daily energy use, and massively reduce your reliance on the grid. I think the over-time savings element is less of a sell because it’ll take a while to earn that back in energy usage. My big thing is peace of mind against outages combined with adding to the resale value of the home. I have 18 Sunpower panels and 2 Tesla batteries and couldn’t recommend them more.


APHORISM

“History is the discovering of the principles of human nature.”

— David Hume

Published on April 04, 2022 07:19

April 3, 2022

My Custom Contact Sharing Solution


I’ve been excited recently about the prospect of attending some cons this summer. One of the things that sucks most about cons, or about meeting new people in general, is sharing information with them.

Paper cards are kind of done. And while there are a ton of apps for doing contact sharing, they all require you to sign up for some third party. So even if there’s some cool QR Code functionality going on, all those QR Code scans and profile updates are going through their server. Or you could do the hand-each-other-your-phones thing, but that’s become less popular recently.

I just wanted something simple:

1. You meet someone you want to share your info with.

2. You take some very quick action.

3. They now have your contact info—in the form of a vCard on their phone.

Those are the requirements.

I was initially thinking I’d just create my own QR Code, which points to a vCard hosted on my own server. And then I’d get that vCard printed on some kind of cool Titanium physical card that goes in my wallet. But that requires that I pull out the wallet, and then the card, and then put those back when I’m done.

So I decided to do everything on the phone, which for me is an iPhone.

Luckily, iPhone has touch-based accessibility shortcuts now, where you can open certain apps by tapping the back of the phone. iPhone also has Shortcuts, which allow you to automate almost anything you can do on a phone.

So here’s what I built.

1. I used Chrome to create a QR code that points to a limited-info vCard hosted on my own server.

2. I created a custom URL that has that QR code on it.

3. I created a Shortcut on the iPhone that opens that URL in my browser on my iPhone.

4. I created a Touch accessibility shortcut that calls that shortcut when I double-tap the back of my phone.

Done.
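The limited-info vCard that sits behind the QR code, as an added example (not the author's file or code): it emits a minimal vCard 3.0 with properly escaped values and the CRLF line endings the format requires, and checks the result before you publish it. The contact details are constructed placeholders; the QR code and the Shortcut are outside this example.

```shell
# Added example, not the author's code. Assumes a POSIX sh with printf, sed,
# grep, head, tail and tr; the contact details are constructed placeholders.

# Escape a vCard text value. Backslash, semicolon and comma are special in
# vCard 3.0 property values, so they must be escaped or the contact app will
# split the field. Backslash is escaped first so it is not escaped twice.
vcard_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/;/\\;/g' -e 's/,/\\,/g'
}

# Emit a minimal vCard 3.0 with only the fields worth handing to a stranger.
# Every line ends in CRLF because the vCard format requires it; a server or
# editor that rewrites line endings to LF can stop phones from offering
# "Add Contact". Arguments: given name, family name, email, phone, URL.
make_vcard() {
    given=$(vcard_escape "$1")
    family=$(vcard_escape "$2")
    email=$(vcard_escape "$3")
    printf 'BEGIN:VCARD\r\n'
    printf 'VERSION:3.0\r\n'
    printf 'N:%s;%s;;;\r\n' "$family" "$given"
    printf 'FN:%s %s\r\n' "$given" "$family"
    printf 'EMAIL;TYPE=INTERNET:%s\r\n' "$email"
    printf 'TEL;TYPE=CELL:%s\r\n' "$4"
    # URL values are URIs and are written as-is.
    printf 'URL:%s\r\n' "$5"
    printf 'END:VCARD\r\n'
}

# Sanity-check a vCard on stdin: BEGIN/END envelope, VERSION, a non-empty FN,
# CRLF on every line, and no content line over the 75-octet limit (longer
# lines must be folded, which this example does not implement).
# Returns 0 when the card passes, 1 otherwise.
check_vcard() {
    cr=$(printf '\r')
    data=$(cat)
    first=$(printf '%s\n' "$data" | head -n 1 | tr -d '\r')
    last=$(printf '%s\n' "$data" | tail -n 1 | tr -d '\r')
    [ "$first" = "BEGIN:VCARD" ] || return 1
    [ "$last" = "END:VCARD" ] || return 1
    printf '%s\n' "$data" | grep -q "^VERSION:3.0$cr\$" || return 1
    printf '%s\n' "$data" | grep -q "^FN:[^$cr]" || return 1
    # Any line that does not end in CR (an LF-only ending) fails the check.
    bad=$(printf '%s\n' "$data" | grep -vc "$cr\$" || true)
    [ "$bad" -eq 0 ] || return 1
    # 75 content octets plus the CR byte is 76 characters; 77 or more is too long.
    long=$(printf '%s\n' "$data" | LC_ALL=C grep -c '.\{77,\}' || true)
    [ "$long" -eq 0 ] || return 1
    return 0
}

# Constructed contact; redirect the output to the file your QR code points at.
make_vcard 'Ada' 'Lovelace' 'ada@example.com' '+1-555-0100' 'https://example.com/ada' \
    | check_vcard && printf 'vCard passes checks\n'
```

Serve the file with Content-Type text/vcard so the phone recognises it as a contact rather than plain text.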

So now when I meet someone new, I pull out my phone, double-tap the back, and they’re shown the view you see above (except with the real QR code).

I think this will hold me over until the iPhone has native NFC-based contact sharing.

Published on April 03, 2022 20:16
