Daniel Miessler's Blog, page 43

A lot of people are dissing the metaverse and NFTs and crypto as total garbage, and I think I see the main point they’re missing.

Reality is falling out of favor for hundreds of millions of people. Perhaps billions.

As the top 10% in the world take larger and larger shares of everything, from wealth, to income, to mates, to fame—more and more of the bottom 90% will simply opt for a different reality where they are able to compete.

Now, surely, some of meatspace’s advantages will follow into the metaverse (the real one, after the dust settles), but this won’t happen all the time because many who are winning in meatspace will be content to stay in that domain. Plus, there will be mechanisms to keep meatspacers out of the “real” world of the metaverse. Like a giant pay-to-play badge overlayed on their special items and such.

I just don’t think enough people—whether normies or journalists—are getting how annoyed people are getting with reality. Speaking just for the US, and just for the bottom 75% of the socio-economic field, life is fucking hard.

Jobs don’t pay enough. The work sucks. You don’t have any control over your life. You can’t afford a nice place unless you live somewhere without good restaurants. And even then you’re barely surviving because there are no jobs there.

They’re looking for an escape hatch from this thing called reality. THAT is what makes the metaverse a multi-trillion-dollar thing. THAT is the reason NFTs will dominate. THAT is the reason crypto and blockchain will succeed (in some form).

It’s not about the technologies themselves. It’s the fact that they are the avatars of reality rejection. They’re the tools that regular people will use to build a better one.

NotesThere’s basically one internet. And there’s one online world in *Ready Player One*. When we talk about *the* metaverse, we’re talking about one thing as well. Right now, however, we have the beginning of the battle for which will win out. And it’s so early the eventual winner might not even be on the board yet. Meta (Facebook) is an obvious good bet, but there’s no guarantee there at all.Image from https://www.uctoday.com/collaboration....

[image error]

SECURITY NEWS

An official FBI email server was hacked and used to send a fake threat email. The email had multiple spelling mistakes and was obviously fake upon significant inspection, but the problem is that the email passed SPF and DKIM checks, meaning it was sent from actual and actual FBI server. The FBI later confirmed the issue and said they were looking into it. More

A new piece of open source malware written in Go called BotenaGo can exploit more than 30 different vulnerablities in routers and IoT devices. Once installed, it works by listening for targets either locally or on port 19412. More

China has built mockups of a US Navy aircraft carrier and other warships to use as missile target practice in the Taklamakan Desert. More

Security vendor Randori is in trouble because they’ve had a working exploit for the PAN-OS vulnerability for months that they’ve been using for pentests. More

Blackberry has found information on an Information Access Broker (IAB) linked to three different hacker groups. Initial Access Brokers are a pretty cool part of the attacker ecosystem: they essentially manage the initial access to companies, systems, and networks all over the world. They work by getting access themselves, and then auctioning off their access to other groups on the DarkWeb. A study in August showed that the average cost for access going back a year from July was $5,400. More

North Korean attackers are using malicous Blogspot blogs to deliver malware to high-profile South Korean targets in the think-tank space. More

China is growing a massive army of hackers, and they won’t be criminals—they’ll be state-sanctioned professionals. More

Incidents:  Costco says a data skimmer has been stealing data from customers. More HPE says customer data was compromised in an Aruba data breach. MoreVulnerabilities:  CISA has relased an advisory on multiple vulnerabilities in Siemens’ Nucleus Realtime Operating System. More Samba has reseased multiple security updates. More SAP Patches Critical Vulnerability in ABAP Platform Kernel. More 14 new vulns discovered in BusyBox. More Zoom patches high risk issues in Meeting Connector and Keybase. More Palo Alto patches a CVSS 9.8 vulnerability in GlobalProtect. More Adobe has released updates for multiple products. More VMware has released an advisory on a priviledge escalation vulnerability in VCenter Server. MoreCompanies: McAfee is going private in a $14 billion private equity deal. More Jetpack has acquired WPScan. More
TECHNOLOGY NEWSSeoul is going to be the first major city in the metaverse. My first question was, “cool, which one?” And the answer is—their own. That’s the trick with all these metaverses: they only work well if you have a big clear winner that everyone flocks to, or if they’re interoperable with each other. Which of course they won’t be. So what we’ll end up with—at least at first—is a bunch of really small metaverses with a limited number of users. What people think of as a metaverse is actually Ready Player One, which of course is an instance of the first version. It’s one big company winning all the marketshare. More 

23andMe CEO says she wants to make better drugs using the insights from her company’s millions of DNA samples. More

AMC now lets you buy movie tickets with Bitcoin. More

Digital art images are not actually stored on the blockchain. If you were to store a 500KB file on the Ethereum blockchain it would cost around $20,000. What’s stored instead is a URI pointing to the image. Big difference, especially since you can change what’s at that URI. Someone has to have thought of storing the URI plus a hash of what was there at creation time. More

Rivian had an amazing IPO, rising 29% on Wednesday and then 22% on Thursday. It closed at $122 after opening at $78. I’m not watching the space closely, but I can’t help but feel like a lot of this hype comes from people feeling like they missed the Tesla boat, and they want to make sure they don’t miss this one. But there’s no guarntee whatsoever that Rivian is another Tesla. More

TikTok is getting into mobile gaming by partnering with Zynga. Um, how do I invest? More

Twitter is building a crypto team. More

Companies: Shopify’s q
HUMAN NEWSA new class of drug has reversed paralysis in mice. I normally don’t post these types of stories because 1) they’re mice, and 2) there are lots interesting studies that don’t end up being practical. This one looks pretty spectacular. They cut the spines spines of the mic, waited 24 hours, and then gave the treatment. The mice that got the treatment could walk almost as well as before the damage four weeks later. Those who did not get the treatment did not. More

Hiring is way up in North America—for robots. Factories and other industrial customers ordered 29,000 robots, which is 37% more than the same time last year. Cool, so more and more people are leaving the job market, and meanwhile we’re hiring more robots. Everything seems perfectly on schedule. More

CNN has a story of a 9-year-old girl being sold to a 55-year-old man in Afghanistan. I thought it was just a regular story, like something they heard about a verified, but they actually filmed it as the man showed up, paid the father $2,000, and took her away. I get that this type of thing is legal in Afghanistan, but I don’t see how legality makes it ok to watch a 9-year-old girl be taken away to be raped by an old man. I don’t usually post such heavy stuff, but this is both disturbing and very strange to me. Are we so invested in multi-culturalism that this can be considered ok to someone? Different cultures have different views? Is that serious a defense here? To anyone? She’s 9-years-old. Do we not have the moral authority to call this what it is? And if you do claim that authority, why not pay the $2,000 yourself and keep this from happening? I know it can be hard to be a war correspondent and not interfere, but this is way beyond that in my opinion. I don’t know how one is supposed to hold a camera and be objective about this. More

Los Angeles and San Diego are looking to stop strict grading on things like turning in assignments and taking tests, and they’re moving more to “citizenship” scoring, which factors in things like physical fitness and extra-cirricular activity. This is completely ridiculous, and then only thing it’s doing is guaranteeing that ambitious parents and students will either 1) have tutors, 2) go to supplemental schooling outside of school, or 3) will leave the public schools altogether. This type of education is basically creating a giant American underclass that will end up serving food to the first and second-generation immigrant students who still value actual education. That’s the irony: I’m sure you could ask any administrator in these schools about income inequality and they could tell you all about it, but what they can’t see is how they’re actively creating it. More

America now has 520 million open credit card accounts, which is the most ever. Household debt is at $15 trillion. More

There’s a political gap in the number of people who’ve died from COVID, and it the gap is spreading. “In October, 25 out of every 100,000 residents of heavily Trump counties died from Covid, more than three times higher than the rate in heavily Biden counties (7.8 per 100,000).” More


CONTENT, IDEAS & ANALYSISDegrees and Credentials in InfoSec — My thoughts on the neverending debate around whether you need credentials to get into InfoSec. More

Quantum Computing vs. Blockchain/Crypto — People are starting to talk more about the risk of quantum computing to blockchain and cryptocurrency. It’s been a known risk for a very long time, but now that crypto is becoming this massive force in our economy, people are taking more notice. The summary is basically this: 1) quantum computers keep getting better, 2) we’re not sure if/when they’ll get good enough to attack current public-key cryptography, but it could be 2-10 years, which is very fast, 3) if that happens, whatever economy is based on cryptography could suffer a hard crash, and 4) there are ways for blockchain and other cryptography implementations to become more resistant to quantum computing, and the US government has been working on this for a long time, but making those changes will also take time and could have other performance implications. In short, it’s something to watch.

COVID Winter — I’m not an expert in this stuff, but take this for what you will. I expect to see another COVID surge in December and January based on a few factors. 1) Resistance from vaccines is tapering off quickly, with people with 2 shots of Moderna having around a 58% effectiveness of the vaccine after 6 months. For most people, that’s October. 2) People are seriously tired of being restricted, and they’re likely to behave very pre-pandemic-like during these holidays. And 3) I worry that relatively few people are going to get boosters until the surge is already going strong, say around January to February. This thing is not over, and the points above don’t even account for additional variants. My layperson advice: Get a booster and only hang out with large groups outdoors.


NOTESMy friend Angela, who also happens to be UL’s Manager of Sponsorships and Marketing, has a remarkable daughter named Hope. She recently decided she wanted to make a play, so she rewrote an adaptation of Midsummer Night’s Dream. That would be impressive by itself, but she decided to produce and direct the play as well. That means finding sponsors, managing expenses, finding actors, holding practices, and generally managing all the logistics that go with such a thing. Oh, she also acted in it. I wasn’t able to attend, but I hear the play was well-received. She’s 15. Congrats to Hope, and to her parents for raising such a remarkable human.  

I’ve started having Athletic Greens every weekday morning along with my coffee. I’m not affiliated with them, but if you sign up using my referral code you’ll get 5 free travel packs and I’ll get $15 off my next purchase. I basically treat it as vitamins, and since I don’t eat breakfast or lunch most days it ends up being my only “food” until dinner. Sign Up With My Code

I found my favorite DJ perhaps ever. He’s on TikTok, and his name is gta_changretta. He’s disabled and restricted to the bed, and controls his set using one hand on his machine. He plays the exact type of EDM that I like, plus he speaks Spanish and plays a lot of Reggaeton, which I also like. If you’re into any of this, and have a way to enjoy TikTok safely, you should check him out. I like listening to him live and going driving. Serious hype. More

I signed up for Twitter Blue. Not sure there’ll be any benefit, looking at the current features. But I like the idea of subscriptions and I want them to be successful and keep rolling out new functionality. Currently, the main draws are the undo feature and ad-free article viewing.


DISCOVERY  

If your company is interested in sponsoring an episode of Unsupervised Learning, reach out to us here! UL Sponsorship [ Sponsored Discovery ] 

Security Incident Containment with Teleport

What would you do when a security incident is detected? Shut down the servers? Pull out the power cord? When an incident is detected, both the incident method and the time required to contain an incident are essential to limit the damage.

Teleport allows you to control the traffic going in and out of a system, giving you the ability to quickly contain lateral movements and prevent further infection propagation due to compromised access. When your infrastructure access is managed by a uniform layer—with only one way in and one way out—it becomes super easy to contain a threat.

Learn More 10 Steps Towards Happiness More

Burning Man: The Musical — In this musical comedy we follow Molly, a promising young tech grad, as she returns to the playa of Black Rock City – this time employed by the very tech company that, unbeknownst to her, seeks to destroy it. After being given the task of acquiring drugs for her boss’s exclusive party, Molly finds herself on a journey inward – and through the community of Burning Man – finds her truest self. More

An interesting argument that writer’s block is a problem with sincerity. More

A bakeoff betwen the iPhone 13 Pro and the Pixel 6 Pro cameras using 2,000 photos. More

Binary Reversing Methodologies More

Simple SSH Security — A collection of steps to lock down your SSH instances. More

Gron — Make JSON greppable. More | by TomNomNom

Fast Google Dork Scan More, by IvanGlinkin

APIs for OSINT — A collection of APIs for use in automating your OSINT workflows. More | by cipher387

Quiet Riot — An enumeration tool for validation of AWS account IDs, root emails, users, roles, and more. More | by RighteousGambit


RECOMMENDATIONS

Sam Harris had a spectacular podcast this week about sleep. It’s a 4-hour conversation that’s completely approachable at 1.5x, and it’s so dense with knowledge and insights I don’t think you’ll mind the duration. It’s funny: my entire peer group is getting more and more obsessed with sleep now, and between this podcast and podcasts like Huberman Lab, I am getting a single message: Sleep is crucial to success, happiness, and long-term health. So now I’m about to go crazy with my optimization of sleep—from diet, to caffeine, to smart home temperature setting for bedtime and wake time, etc. And when I finally publish my new personal routines in Github I’m going to have a full section on sleep annotated with where I learned which piece of the methodology. Anyway. Sleep. This is a great podcast to get you enthused. Also, a ton of us in the UL Community are big into our Oura rings, and a few of us have our new ones on the way. If you get into sleep I highly recommend you get one. Sam’s Sleep Podcast | The Oura Ring


APHORISMS“The sole cause of man`s unhappiness is that he does not know how to stay quietly in his room.”

~ Plutarch

If you’re on InfoSec Twitter you’ve probably seen the recent iteration of the neverending debate around degrees, certs, and InfoSec.

Basically, one side argues that you need college to be taken seriously in security, and the other side says nuh-uh! and proceed to give lots of examples of people without a degree.

For more on this, see The False Dichotomy of Conflicting Ideas

Let me try to express something that applies to much more than this topic: When you have debates with multiple people making good points that are backed by evidence, the answer is likely that they’re all right to some degree.

And that’s definitely the case here.

Let me give you three facts:

Recruiting teams at major companies who are looking for cybersecurity talent are largely looking for college graduates. And they’re often looking only at top schools. There are lots of people with no college and lots of desire who can’t get a callback from a company that needs talent. Lots of the best people in InfoSec don’t have a degree or a cert.

These are all true. And they’re all true at the same time.

How is that possible?

Corporate recruiting teams are playing a numbers game, and they’re ultimately looking for safe bets. Getting accepted into a big, well-known school makes you a pretty safe bet, and graduating with a degree in computers from such a school makes you an even safer bet.

That’s for new people who don’t have lots of experience. Basically, if they have no knowledge of how well you’d do from looking at a career, they have to go by what they do have. So, on one hand, they have a top school and a good computer science program, and on the other hand, you have someone who seems eager but doesn’t have that—they tend to go with people with college.

That’s a fact.

But—and this is a huge but—the whole game changes when you are already known for being good at something, and/or if you know someone involved in the hiring.

If you’re a named person, who is famous for being able to find bugs, or manage programs, or run a community, you essentially get a VIP card for entry into the field. If people know you, and someone tells the hiring manager, well now they’re looking at your experience instead of your training.

That’s the trick: these are all just ways of finding a proxy for how well you’re likely to do. College is a proxy. Certificates are a proxy. Work samples are a proxy.

But the best proxy, by far, is experience. And being named is like experience with a gold star.

Anyway, that’s why both of these things can be true at the same time.

If you’re unknown to the world yet, and you don’t have any credentials, you’re not likely to be considered or targeted by corporate recruiting teams, and you won’t stand out even if your resume is seen.

Also don’t forget luck.

This is why it’s correct to say that having a degree in computer science is a good thing for getting into security.

But it’s absolutely not needed. If you’re bright and hungry enough, you can put yourself on the map, at which point nobody will care about your training anymore.

Both are true. The latter proves the rule of the former. Twitter is just really bad at this type of thing.

This Content Is For Paying Members

Subscribe

Already a paying member? Login

[image error]

SECURITY NEWS

The US has banned China Telecom over national security concerns. The fear is that they could use their infrastructure to access, store, disrupt, and/or misroute US communications. They must discontinue their services in the US within 60 days. More

US Intelligence agencies released a report on the origins of COVID 19. The FBI thinks it leaked out of a lab, but most other agencies think it happened naturally. None of the groups thinks it was created as a weapon. This matches well with the armchair analysis I and others in the UL community have done over these many months. Basically, the lab leak theory is unlikely, but it’s foolish to discard it outright without having good reason. More

MITRE and CISA announced the 2021 CWE Most Important Hardware Weaknesses List. Interesting list. Top hits were: Improper isolation of shared resources on a SOC, improper access control for on-chip debug and test interfaces, and improper prevention of of Lock Bit modification. More

NSA is hiring people for “cyber careers” with CS, C/EE, Intelligence, and Math backgrounds. More

The US is working with Taiwan to secure the chip supply chain. More

Incidents:  Zales.com had a data leak, like Jared and Kay did in 2018. MoreVulnerabilities:  Apple patches 22 security flaws in iOS 15. More Adobe patches over 90 issues in 14 of its products. MoreCompanies: Dargos has become Industrial Cybersecurity’s first unicorn after raising $200 at a valuation of $1.7 billion. More
TECHNOLOGY NEWSFacebook changed its name to Meta, and they’re spending at least $10 billion on it this year. More | My Analysis

Tesla got an order for 100,000 cars from Hertz, and the resulting bump in its stock price made it a $1 trillion dollar company. More

US regulators are looking at how banks might be able to get into crypto to avoid being left behind. More

After Apple’s stock dip from its earnings call, Microsoft became the world’s most valuable company. Not sure that’ll hold for long, though. More

If you have a Tesla with the latest update, you can now remotely stream video from your car’s cameras. More

Photoshop is about to get the option to prepare an image as an NFT. More

Microsoft is going to work with community colleges to fill 250,000 cybersecurity jobs. More

Tim Cook said Apple lost $6 billion due to supply chain problems, and that they’ll lose even more more this quarter. But they still crushed it with $83 billion in revenue, which is up 29%. More

Niantic just launched its new AR game, Pikmin Bloom, which is like a seed & plant version of Pokemon Go. You have to walk around outside, plant seeds, see them grow into plants, and journal about your activities. More

Patreon is exploring crypto as a way for creators to earn more money. More

Companies: Shopify’s quarterly revenue rose by 46% as people return to spending. More
HUMAN NEWSA new meta-analysis found that high levels of vitamin D3 are inversely correlated with COVID-19 mortality. I would add this to the list of “make sure you’re D3 is high enough”, but I’m not skilled enough with this science to read this paper properly and tell if it’s a slam dunk or just another drop in the bucket. What I can say for sure is make sure you’re not D3 deficient. More

Texas Republicans are looking to make Texas the center of the US crypto world. I guess this is on-brand, given the decentralized and counter-government vibes of advocating for a competing currency to the USD. More

A new study by the CDC says vaccination protects against COVID better than natural immunity due to infection. More

35% of registered voters in the US think the last election should be overturned. More


CONTENT, IDEAS & ANALYSISThoughts on Facebook Meta — This move by Facebook is genius on multiple levels, and I feel like the only way it can fail (at least completely) is if it’s too early. Full Essay 


NOTESI’m almost done with the new Pinker book, Rationality. Really, really, good. It’s like a massive collection of pitfalls for thinking clearly.

I’ve been watching tons of Vim content on YouTube. It’s pretty much Vim, Chess, and Table Tennis in my history. Yep, nerd central. Anyway, I highly recommend these two plugins (HT to The Primeagen) which have been much-desired upgrades. They give me fish-like autocomplete for commands, plus a really cool sytnax highlighting for in/valid commands while doing so. Also, I highly recommend lsd as a replacement for ls. More | Bad | Good


DISCOVERY  Is Korea the new cultural superpower? More

Shodan Trends — See trends in internet attack surface. More

Atlas of Surveillance — More

Slow Down, Finish Faster More

iFixit did a teardown of Apple’s out-of-stock polishing cloth. More

Repeat Yourself, a Lot More

The 37-Year-Olds Are Afraid of the 23-Year-Olds Who Work For Them More

Beyond Smart, by Paul Graham More

Threat Matrix CI/CD — A common threat matrix for CI/CD. More | by Rung

SSRFmap — Takes a Burp request file and fuzzes for SSRF. More | by Swissskyrepo

Browser Fingerprinting — A bunch of tech and discussion that will help you build a web scraper that will be harder to block. More | by Niespodd

Embark — The firmware security scanning environment. More | by e-m-b-a

MVSP — Minimum Viable Secure Product. A minimum security baseline for enterprise-ready products and services. More | The List


RECOMMENDATIONS

Conflicts with people we care about are too often caused by, 1) one or both parties not knowing what they want from life, or 2) one or both parties not honestly articulating what they want from life. Try your best to be good at both of those. Figure out what you want—what you really want—and be willing to ask for it from those you share your life with. This will polarize some relationships, but that’s ok. What remains will stand on a stronger foundation.


APHORISMS“All human activity is promoted by desire.”

~ Bertrand Russell

Facebook changed its name to Meta—which happens to mean “dead” in Hebrew. The change also morphs the big-tech acronym from FAANG to MANGA. So that’s fun.

As with most big ideas, half the internet thinks Meta is Jesus, and half the internet thinks it’s the Zune. This also applies to NFTs and crypto, and it’s too early to say for all three.

But for the metaverse (hard to argue meta isn’t the leader when it’s right there in the name) I think we’re missing an important point:

The real world is becoming increasingly hostile to regular people who do regular work.

I think the metaverse will be massive not so much because gaming and VR will be big, but because gaming and VR will be the only avenue to thrive for the bottom 80% of people on the planet.

This isn’t about virtual reality, it’s about alternative reality. As in—the alternative people will flock to when regular reality becomes unbearable.

How smart is that?

Not only are they building the obvious home for gaming, but they’re also building the future evacuation zone for everyone who can’t afford to thrive in meatspace. Which is most people.

I’m not one to say this, but it could be said that the billionaires are creating a world where the millionaires will reign in the real world, and everyone else will move to VR.

Big corporations will start providing the main services, like healthcare and delivering mail, and the government will just subsidize to make sure the people don’t revolt. The better the VR is, the quieter the masses will be. And I don’t mean this in an Orwell sense. I mean it in a Huxley sense.

Whoever controls that ecosystem—or even a major portion of it—is going to be something like god. It’ll be like AWS for a functioning society. They’ll have lots of SREs not so they don’t lose revenue, but so they don’t have riots in the streets.

I mean that’s a cool fiction story idea right there. There’s an outage in The Meta, which causes people to go outside of their houses and socialize, and while they’re out there they realize the rich people actually live here, and have a better life than they do. Hijinks ensue.

It’s a lot like waking from the Matrix actually, and realizing that you want real life instead.

Anyway, this is a smart move by Face-meta. It allows Zuckerberg to dodge the scrutiny bullets and become a quixotic futurist, and at the same time build the reality substrate for 80% of the planet.

This Content Is For Paying Members

Subscribe

Already a paying member? Login

The backlash against Wokeism will elect Trump in 2024.

I’ve been saying this since March of 2020, and I want to say it here explicitly: Wokeism will elect Trump in 2024. The extreme left is continuing to make the same mistake they made before 2016, which resulted in the first Trump presidency.

That mistake is the complete lack of empathy for those who think differently than them—namely, people who do not endorse the Woke agenda. Are a lot of those people racist? Are a lot of them sexist? Yes. But millions of them aren’t, and the fact that Wokeism treats them all the same, and as if they’re somehow worth less than smart people with good jobs who live on the coasts, will directly cause another Trump win in 2024.

Trump getting another term could literally dismantle our country. This is someone who is denying the results of a fair election, where the results were analyzed by dozens of groups, dozens of courts—including those run by Republicans—and no evidence was found of fraud that could have affected the outcome. Yet he still insists—like a Central American dictator—that the election was stolen.

Because of his willingness to place his own brand and interests above Democracy itself, he is a direct threat to the United States, and he will ironically be brought to power—again—by the same exact people who brought him in the first time.

Middle America and The South, i.e., the people who vote for Trump, need a non-Trump option that doesn’t make them feel like the backwash of our country. They don’t have one. They have Woke on one side, and a literal Authoritarian on the other. Of course they’ll choose authoritarianism. Authoritarianism in the name of Democracy. Isn’t that always the way Authoritarianism goes? The people attacking the capital were doing it out of patriotism. That’s a hell of a sentence. Attacking Democracy for patriotism.

Anyway, until we see a moderate, centrist option for the other 50% of our country, we’re going to see Trump and people like him having massive success in elections. And even worse, the adverse reaction to Wokeism will bring a lot of the center and left to vote for those candidates too—just to send the message that they don’t like the extreme left.

TL;DR: The extreme right and left are the problem, and the reason we’re in so much shit right now is that there are no center candidates that respect the 50% who are moderates in this country.

When the moderates have nowhere to go, they pick a side, and Wokeism is pushing far more people to the right side than the left. Quietly. Silent anti-Woke people. These are the people who will elect Trump in 2024. We had all the data to figure this out in 2016, yet here we are about to make the same mistake in 2024. We don’t deserve nice things, and we’re perilously close to losing the nice things we have.

This Content Is For Paying Members

Subscribe

Already a paying member? Login

This Content Is For Paying Members

Subscribe

Already a paying member? Login