Daniel Miessler's Blog, page 44
October 17, 2021
News & Analysis | No. 303
CIA Director William Burns says the agency is creating a new China Mission Center to counter the overall threat from Beijing. “CMC will further strengthen our collective work on the most important geopolitical threat we face in the 21st century, an increasingly adversarial Chinese government.” More
CISA has issued warnings on threats targeting water and wastewater systems. More
Moscow metro has rolled out Face Pay at 240 train stations, which is a way for passengers to pay for their ride by just having their faces scanned. The tech requires no phone, no metro card, and no credit card, and privacy groups are worried it’s a mechanism for controlling the population. More
Havana Syndrome has hit at least five US families connected to our Colombian embassy. “People experience different things. Some hear grinding sounds. Some hear vibrations in their head. The whole situation is very bizarre.” More
Israel has developed a technology that can see live objects behind walls from over 50 meters away. It’s called the Xaver LR40, and it’s a portable system that can see how many objects are moving behind walls in real time. More
The Pentagon is looking to leverage AI to crunch and analyze massive numbers of data feeds in order to predict enemy action hours or days in advance. The names being used for this type of capability include “information dominance” and “decision superiority”. I love the idea here, and it reminds me a lot of skin cancer diagnoses. It’s great to have this type of analysis happening constantly, in tandem with human analysts who can’t review as much, or as fast. At first the tech will be a low-signal data point, and then over time it might become the primary source with the human being the final check and filter. Exciting and scary stuff. More
Vulnerabilities: Apache Tomcat DoS More WP Fastest Cache Plugin XSS and CSRF Data Extraction More
Companies: SpotAI raises $22 million to extract intelligence from security videos. More At-Bay raises a $20 million Series D to continue working on a continuous monitoring-based approach to cyber insurance. More Black Kite raises $22 million to do vendor risk management. They use the MITRE framework and Open FAIR to provide letter grades to vendors. More
TECHNOLOGY NEWS
Facebook is hiring 10,000 people in the EU to work on the metaverse, which is basically their branded version of VR. More A Similar-ish Idea I Had From 2006
Coinbase is launching an NFT product later this year. The space is heating up for sure, and half the stories you read are either telling you it’s the next big thing or the biggest scam in the world. I’m 80% bullish, but still not sure if we’re too early. More More
Twitter now allows you to “soft-block” people by clicking on them and selecting “Remove this follower”. More
The US has taken the spot of top Bitcoin miner from China. More
Tesla has a new insurance policy that adjusts your premium using real-time driving behavior. But it’s only available in Texas. You still pay monthly, but what you pay is based on how you drive instead of your demographics. More
Sony is partnering with TSMC to build a new $7 billion chip plant in Japan. More
Magic Leap raised $500 million to build a new headset, even though the last one fell through completely. It’s supposed to come out in 2022. More
HUMAN NEWS
The US inflation rate is at 4.3%, which is a 13-year high. More
Around 4.3 million Americans quit their jobs in August, which is the highest number since December of 2000. That includes over half a million healthcare workers. More
This article is about just one startup, but I think the startup activity around the combination of psychedelics and therapy is going to be massive if/when substances like psilocybin and MDMA are approved. More
CONTENT, IDEAS & ANALYSIS
Opiates and Social Media Are Symptoms, Not Causes — A short essay on how I believe addiction problems often come down to a lack of direction and meaning. More
Lifecasting: What It Is, and How It’ll Change Society (2002) — My essay from 2002 on how everyone would be streaming their lives using phones/peripherals. I, um, got the timing a bit off I’d say, but I think some of the piece is still pretty good. More
Honest Signaling — I like this article’s approach to discussing NFTs, and especially this idea of “honest signaling”. Tons of people wear fake luxury products and there’s no way to tell at a glance which are real or fake. Imagine your eventual AR glasses being able to show that to you in realtime. As I talked about in my book, that is functionality we can guarantee will arrive because it’s been useful for thousands of years of our evolution. Few things matter more than being able to differentiate true and false signals of fitness/beauty. More
NOTES
I bought the new Apple Watch on opening day (I short-camped for it), and I would simply say this: if you’re 1) a watch enthusiast, 2) an Apple fanboy, or 3) you don’t have an Apple Watch yet and you’re thinking about getting one—I’d go ahead and get it. It does present as really large, clear, and bright. But if you’re not in those categories, I’d skip this upgrade.
I finally got my sound diffusers from GIK Acoustics that I ordered about 6 months ago. They look pretty great, and I think they’ll help a lot with reverb in the studio. Image
I finally did what I’ve been talking about for a while and got rid of the monthly subscription plan. Not many subscribers were left on it, but if you were on it you’ve been migrated over to annual. The cost over a year will be less than half the cost ($8 vs. $20 per month).
I watched Squid Game with my girl this weekend. Not because I wanted to, but because it’s such a huge cultural phenomenon that I felt compelled. It was worth it, if only for that reason. I find all the Korean discussion of class warfare fascinating (see Parasite, Squid Game). I need to find some good analysis on everything that was being claimed or stated about society in the show. If you see any good writeups, let me know.
DISCOVERY
Remote Ham Radio More
NFT use cases that could go mainstream. More
OpenSea — An NFT marketplace. More
The Great Re-evaluation More
Sam Harris was interviewed by Scott Galloway at the Code Conference. More
DDOSify — A high-performance load testing tool. More
Building an end-to-end Kubernetes-based DevSecOps software factory on AWS (HT @ClintGibler for multiple links this week) More
The OSINT Treasure Trove More
ChangeMe — A default credential scanner. More
RECOMMENDATIONS
How to Take Over the World — One of the best podcasts out there right now, especially if you’re reading or listening to these words. It’s a combination of Hardcore History with extracted productivity tips from the world’s smartest and most productive people. More
APHORISMS
“If you are everywhere, you are nowhere.”
~ Seneca
Opiates and Social Media Are Symptoms, Not Causes
A number of years ago I read a book that changed everything about how I think about addiction. The book is called Lost Connections.
The main premise is this: the difference between a homeless person living on the street who can’t get off a street drug, and an everyday person who goes into the hospital and takes far stronger drugs for long enough to get addicted—but doesn’t—is that the everyday person usually has something to go back to.
The opposite of addiction isn’t sobriety – it’s connection.
Johann Hari
This blew my mind. The idea that it isn’t about the drug, but rather the person’s presence of meaning—or not—that determines whether or not they get addicted to substances.
There are many variables here, and I’m not making blanket statements that are supposed to apply to every situation.
I see a lot of similarities with the current hysteria around opiate usage and people abusing social media. There’s a narrative that, “the opiates must be stopped!”, and that, “social media is killing our kids!”.
I don’t think they are. Are they good for you? They can be, when used appropriately. Are they being abused? Yes, clearly.
But I think the problem is ultimately what Hari talks about in his book. It’s the lack of something bigger than the drug or social media in peoples’ lives.
We’re in a crisis of meaning. People are empty. People are lost. We have girls pretending to have Tourette’s as a way to feel seen and/or become popular.
I would argue that the underlying cause for so much of what we see going wrong with our young people is simply a lack of direction and meaning. And I don’t blame them. I don’t even necessarily blame their parents, although that’s closer to the mark.
The real causes are obviously multivariate, but I believe they mostly exist at the layers of society and culture.
Like what are the instances of illness appropriation or social media abuse for children of immigrant parents who have instilled a strong work ethic in their kids, and who are striving for academic, artistic, and/or athletic excellence?
I don’t know if that data exists, but I bet these problems are far less common in households where the children get their direction from their peers and from social media itself.
Basically, my model is that a lack of meaning, direction, and strong social ties causes depression, and that depression then opens the door to addictions such as drugs and social media.
So, sure, maybe let’s see if we can get some of this stuff out of circulation. But that won’t solve the problem.
What will solve the problem is having a cohesive narrative for how kids should comport themselves. A path. A vision. A direction. A moral foundation. And examples of how one should live a good life.
This is what kids need. Hell, it’s what adults need.
And if they don’t get it, they’re going to fill that void with something that isn’t good.
October 11, 2021
Thoughts on Vaccine Mandates
I wanted to just capture some thoughts around vaccine mandates.
We’re seeing more and more rational people come out against mandates, citing personal freedom and an aversion to unquestioned governmental authority.
Fine. I get it. Sure.
In a vacuum, yes, it’s a bad precedent to just blindly do what the government says. And when you combine this with our universities and our media becoming more ideologically oriented, it starts painting a picture for some on the right.
The picture is this:
The media is completely sold out to the extreme left, and will only allow extreme left viewpoints to survive. Anything else will be ridiculed and/or cancelled.
Universities are now teaching the same, which is churning out young people who bring that stuff into the workplace.
Then we have the pandemic, which really isn’t that bad if you just let it happen and let people get natural immunity. It’s actually just another government control mechanism, designed to scare people into listening to the same left-leaning, Marxist-style government that is selling extreme left ideology in the media and the universities.
That’s a neat little package, and there’s a great word for it.
Specious.
The problem with the pandemic part of the argument is that it’s not backed by science. The scientific consensus is overwhelmingly clear that if we didn’t take the pandemic seriously, there would have been a lot more death. We’re at around 700,000 dead right now, but that could have easily been in the millions without distancing, masks, and vaccines.
We know this because we ran natural experiments. States like California did way better because more people distanced, wore masks, and got vaccinated. And states like Florida and Tennessee did worse because they didn’t. We saw it happen right in front of us, and it’s well documented in the statistics.
The New York Times publishes all their data and its sources on GitHub.
Now, you can say you don’t trust the data, but if you don’t accept evidence then there’s no evidence I can offer you to fix that situation. The New York Times data is just pulled from the various state and local jurisdictions. It’s not like they have their own Liberal/Federal source of fake data. Their data is as real as it gets.
That data shows, and we saw in real-time, that the states that followed the guidance did the best. This was true around the world, and it was true in the US. Distancing works. Masks help. And vaccination has been a miracle for avoiding symptoms, hospitalization, and death.
All this to say, to the moderate conservatives, ok—I get it. You don’t like the crazy far-left politics. I get it. It annoys me too, and I am pushing for a more center-focused politics as well.
But don’t conflate that with the virus and the effect it’s had on people. Sure, you can argue about mandates and politics and stuff there. In other words, how we reacted to the virus. But don’t allow yourself to be swayed on the basics.
The basics are:
This thing is really bad.
It’s killed 700,000 people.
It likely would have killed many times that if we did nothing.
This is completely separate from our reaction and whether or not it made perfect sense in every case. It didn’t. We made it up as we went along in many cases. But distancing, masking, and vaccines are the solid parts of the equation.
It’s true that we could have done nothing, and humanity would have survived. But the economy might not have. If say, 2 million or 5 million people died, or maybe 10 million—just in the US—that’s a small number relative to our total population, right?
That’s what some on the right believe. And it’s somewhat true. We’d still be here. And we’d have some kind of immunity afterwards as well. So that is one way of doing it. But there’s no way of knowing whether the economies of the world would survive that. And it’s not a very American way of doing things either—to just walk straight into the slaughter of millions when we have the weapons to fight, i.e., policy combined with vaccines.
And that brings us to mandates for vaccination.
Vaccination only works properly if enough people do it. So this is a canonical case of where personal freedom collides with the greater good.
It should be 100% possible for a moderate Republican to simultaneously say:
1. The media is biased far-left.
2. The universities are biased far-left.
3. Some of the stuff that came out of the WHO and the CDC was sketchy.
4. Something is up with Fauci and the way he divulged what he knew and when.
5. BUT, the basic guidance that the CDC gave was right.
6. BUT, the basic guidance that Fauci gave was right.
7. BUT, we absolutely would have had millions of people dead if it weren’t for following that guidance and getting vaccinated.
You can, and should, hold both of these lines in your mind at the same time. They are not in conflict. Believing 5-7 does not make you a liberal. And believing 1-4 does not make you a conservative. Life is complex and messy.
Smart and thoughtful people are able to assemble their own beliefs from many other sets of beliefs. You don’t have to pick one camp and believe everything they believe.
So I ask you, my friend the moderate Republican, be willing to say that blindly following the government is bad, but that in this case, given the risks, the good of the many does in fact outweigh our individual freedoms—just for this one issue—at this one moment.
That doesn’t mean we forfeit individual freedom, and it doesn’t mean we blindly trust the government. Our country is based on not doing that. Or at least it’s based on not blindly trusting in all cases. So that’s good. That’s healthy. Keep it up. We love you for it.
But we have the data. It’s right there. In this case, and in many others in the past and in the future, the government is actually correct—at least directionally—in pushing people to vaccinate. It’s a public-good thing, and the public-good is also part of being a good American.
America first doesn’t mean each of us first, it means the country first. As a group. As a whole. And that’s collectivist, not individualist.
Please think about it.
News & Analysis | No. 302
October 7, 2021
Weakness and Evil
In any sufficiently high-pressure situation, weakness is indistinguishable from evil.
This sentiment is written to mirror Arthur C. Clarke’s statement about technology, but the structure fits well.
In these decades I’ve lived, I’ve seen thousands of situations where someone is causing pain to others—not because they want to—but because they’re broken.
I used to draw a firm line based on the ultimate cause, i.e., are they doing this because they’re a bad person, or are they doing it because they’re in pain and suffering themselves?
In my later analysis, however, I’ve found that it doesn’t matter much. The real question is whether or not you can help. If one can, I recommend trying, so that eventually you can dig out the person you know they can be.
But if they refuse help or the damage is too great—and they continue harming themselves and others—you may need to separate in the same way you would from someone who is naturally ill-intentioned. A smart and damaged person often takes on many of the characteristics of evil, and when you’re the target of such attacks and manipulation the difference in ultimate source becomes academic.
This is one of the great lessons in life that nobody formally teaches.
Broken people can cause nearly identical pain to evil people, and it may be just as necessary to distance yourself from both.
The main question to ask in this situation is this:
Can you actually help, and how much effort can you afford to spend on doing so?
A big part of this is often whether or not they want help.
If you do your research and come to the conclusion that you can help, make sure you can pay the cost. Make sure your own sanity and the health and happiness of those around you can absorb the effort. If they can, then putting forth that effort, even at great cost to yourself, is likely to be one of the best things you ever do.
But if you can’t help, for whatever reason, you’re better off separating yourself from the problem. Namely, them.
This is hard, but if the person is emotionally harmful to themselves and others, in a chronic and unfixable way, you can think of it like a hurricane or a Grizzly bear. You’re not mad at them. You’re not blaming them.
You just can’t be close to it because it’ll hurt you. Bears and hurricanes aren’t evil either, but they cause damage just the same.
Watch for people who turn into these things in your life, and make the difficult decision to separate when needed.
Notes
Ultimately, because I don’t believe in Libertarian free will, I don’t believe in “evil” people either. I see evil as a practical effect in reality, as opposed to an authentic source for action. In short, truly evil people like Manson or Bundy or whoever are just a combination of material bits that got assembled in some configuration, combined with an environment that acted on them in some way. The result manifests in a way that we call evil, and I think it’s a useful term. But it’s not a good description of an actual cause.
October 3, 2021
News & Analysis | No. 301
600 journalists combined efforts to investigate a massive network of offshore banking and shell companies that allows the world’s most rich and powerful to hide their assets from authorities. This includes heads of state, other politicians, and celebrities. It’s being called The Pandora Papers, and includes around 12 million documents from law firms and various media outlets. More
CISA has released a tool to help organizations combat insider threats. It helps companies assess their insider risk and determine what they need to set up a program. More The Tool
NSA and DHS say foreign attackers are attacking VPN systems, and they have provided new guidance on how to lock them down. More Guidance
YouTube has blocked all anti-vaccine content. More
China has sent 77 planes into Taiwan’s defense zone over the last two days. More
Thousands of Coinbase customers had crypto stolen due to account takeover. They used a flaw in Coinbase’s SMS-based MFA to send themselves authentication tokens. More
Rob Joyce, director of cybersecurity at NSA, says almost every country has an offensive cyber capability. More
Neiman Marcus sent a breach notice to 4.3 million customers. More
Vulnerabilities: QNAP patched critical vulnerabilities in QVR software. More fail2ban has an RCE vulnerability. More
Companies: Cloudflare is getting into email security by offering SPF and DKIM, as well as email routing that lets you control and consolidate email addresses. More Cyberinsurance firm Coalition raises a $205 million Series E. More
TECHNOLOGY NEWS
Cloudflare is launching an object storage service to compete with S3, and they’re calling it R2 because it’s “one less than S3”. Its main claim to fame so far is that, unlike S3, it will not charge customers for egress traffic. More
PWC says all 40,000 US employees will be able to work remotely forever. More
TikTok now has a billion monthly users. More
The US Army has funded a sleeping cap that cleans the brain. It works by controlling the flow of fluid that is believed to cleanse the brain while we sleep. More
DeepMind can predict the location, extent, movement, and intensity of rain 89% of the time—out to around 90 minutes—which is significantly better than any other model. More
Companies: DNA-based data storage platform Catalog raises $35 million. More
HUMAN NEWS
When listeners pay close attention to stories, their heart rates synchronize. More
Many countries are struggling to keep up with surging energy needs resulting from the COVID economic recovery. Energy prices are high in Europe, China, and the US due to increased demand and a supply that isn’t keeping up. There is speculation that this may have been a contributing factor to China banning cryptocurrencies. More
Researchers at Mount Sinai have found that EKG results can indicate which patients are more likely to decline and die from COVID, up to several days in advance. More
Britain is struggling with shortages of fuel and food, especially in rural areas, due to the effects of Brexit. The issue is complex, but Brexit essentially made it more difficult for immigrants to work in the country, so many of them left. And it turned out that those immigrants were the ones doing most of the truck driving that was getting things like fuel and food from one place to the next. So Britain basically said they didn’t want the immigrants there, while most also didn’t want to do the jobs those immigrants were doing. And now they’re suffering the consequences. More
CONTENT, IDEAS & ANALYSIS
Podcast Setup Update (October 2021) — A short write-up on my new—and likely to be relatively static—podcasting setup at the new place. More
Pelosi Capital Management — An investment strategy based on buying whatever Nancy Pelosi buys. I’m bothered I didn’t think of this. Or more specifically, I’m bothered I didn’t ask the key question behind it. “What entity has access to the best possible investment advice at the top of the food chain, yet also has to disclose their investments publicly?” That would have revealed the answer of “Congress.” Shame on me. More The Twitter Account
Systems vs. Goals — This is a very good piece about how you need both systems and goals to be successful. This is a strike-back at books like the one from Scott Adams, where he says systems are far better. I think the answer is somewhere in-between. For day-to-day, month-by-month, systems are far more important. But for planning, goals are more important. The key then is 1) ensuring that you have both, and 2) ensuring that your system is helping you achieve your goals. So it’s not a competition; it’s an interaction. Like diet and exercise. Or mental and physical health. That being said, if I had to choose, I’d probably choose systems because—assuming it’s a system that keeps you healthy—you’re more likely to be able to find your goals using it. Versus having no system and a bunch of theoretical goals that you never took action on. In that situation you can wake up in your 50’s and realize you haven’t done anything. So I’d say that’s worse.
NOTES
A Brief Defense of My Own Podcast — I want to take a moment to defend my podcast from continued attacks from a particular individual. And that person is…me. I just realized that every time I show someone my podcast, or get asked about it, I always lead with how it’s dry or sterile or whatever. But really useful! Through some other reading I’ve come to identify this as negative behavior, and there’s a simple test to see how bad it is—I’d never talk about someone else’s podcast in this way, at least not without also highlighting its strengths as well. Yet here I am having never once described why anyone should listen. So let me do that. My podcast is not the most exciting, and it’s not the funniest, and this is on purpose. First, excitement and humor are difficult to do consistently, and they’re really bad when they go wrong. Second, they simply add bulk to the product. Then there’s the fact that excitement and humor usually involve multiple people on the show. That’s really hard to do, especially consistently over multiple years. The more people the more chance for someone not to show up, not to have a good show, etc. So, my formula is simple: a concise, dependable show format, delivered by me alone, pretty much as quickly as possible. I also recommend you listen at 1.5-2.5x. At that speed you get a pretty damn good summary of security, tech news, and goings-on in the world—in around 10 minutes. Plus regular helpings of original thought about the stories and their impact on society. The reason I make this show is because if it already existed I’d be a fan. It’s the show I wish were available somewhere else. So, yes, you lose some things with this concise and direct format, but I would argue that the value makes up for it. So, yeah, that’s why you should listen to this, which is weird since you already are. And if you ever hear me bad-mouthing my own show, do me a favor and slap me.
I just created two different versions of the podcast—one for members and one for everyone else. The standard version stops after the first three news sections for even episodes, while the member version has all the other sections as well, including Content, Ideas, and Analysis, Notes, Discovery, and the Recommendation and Aphorism of the week. The goal was to stop giving the entire show to everyone via audio when members subscribed to get access to that same content. So basically, on odd episodes, everyone gets the full podcast and newsletter. And on even episodes, members get the full podcast and newsletter, while non-members don’t get the newsletter and the podcast is an abridged version that doesn’t include the analysis and discovery portions. Let me know if you have strong feelings about this, and even better just subscribe so you won’t notice.
I’ve been asked a few times what content goes in my Ideas section vs. the Discovery section. Simple—bolded items in the Ideas section are links to my own full essays. Non-bolded entries in the Ideas section are my own thoughts or analysis on something, but in short form right there as a single paragraph. And cool ideas from others, with no analysis, are links in the Discovery section. Hope that helps!
Currently reading Jordan Peterson’s latest book. I’m a 70% fan of Peterson. I love and respect him. But I often disagree with his positions. And his writing is hard to consume. Still, I find him genuine and entertaining, and most of all—working from good-faith.
I just bought The Wires of War. A serious contender for the next UL book of the month I think. More
DISCOVERY
/r/netsec’s Q4 Hiring Thread More
Where Have All the Sex Scenes Gone? More
Always Multiply Your Estimates by π More
Pelosi Capital Management — An investment strategy based on buying whatever Nancy Pelosi buys. More
Don’t ask to ask, just ask More
Someone took a new Rivian electric truck into the mountains for a review. More
“google” is the most-searched word on Bing. More
Big Orgs Are Broken Due to the Prisoner’s Dilemma More
Workers are leaving Zoom to go back to the office, where they get back on Zoom. More
Securing Your Git Commits Using FIDO2 Keys More
10 Types of Web Vulns That Are Often Missed More
tmux & ch.sh More
FAV/E — Utilizes NIST CVE to find vulnerabilities and exposures based on various criteria. More
RECOMMENDATIONS
If you like Star Wars or Anime, to any degree, you must check out Episode 1 of the new Disney+ series called Star Wars Visions. It’s without question the best Star Wars thing I’ve ever seen. Can’t say more.
APHORISMS
“We reach each stage of our life as a novice.”
~ Nicolas de Chamfort
October 2, 2021
Podcast Setup Update (October 2021)
I have a number of posts on my podcast setup for Unsupervised Learning, a show I’ve been doing since 2015.
This one is different because I’m in my permanent setup at the new place.
Or as permanent as anything can be these days.
Current gear
The gear I’m using for this setup has been mentioned before, and I’ve used it before, but not in this combination.
The Neumann U87 Ai Condenser Microphone More
In my previous place, a small apartment with hardwood floors, the audio situation was horrendous so I couldn’t really use a condenser microphone—much less a Neumann. So I was using a Shure SM7B, which is a fine choice no matter what. Many top podcasts use that mic when they could use anything, including Rogan, Sam Harris, and actually most big podcasters.
I prefer the crispness and liveliness of the Neumann condenser though. Or at least I do right now. If I had to summarize, the SM7B takes some of the character out of your voice and adds in some awesomeness. The Neumann U87 Ai extracts every little detail from your voice, and brings it to the front. So it’s a completely different sound but I currently like the latter.
The Apollo Twin X Audio Interface More
I have been alternating between this device and the RODECASTER PRO podcasting rig for a while now. Mostly to try to solve my audio issues in the apartment. I prefer the Apollo for day-to-day audio management, and for listening to music, so the only reason I was using the RODECASTER was because I was having some audio issues with the Apollo when podcasting. Namely, I was having trouble controlling echo and such using the complex stack of plugins and DAWs.
What I’ve done now is just taken those things out of the loop. I’m now just going raw mic into Hindenburg.
The Hindenburg podcast application More
Hindenburg is like a Tesla. It doesn’t do nearly as much as other top-end cars, but what it does do it does really well.
It’s far simpler than other DAWs, just as Teslas are vastly simpler than, say, BMWs. If you like a pretty interface with a million knobs and colors, you won’t like Teslas or Hindenburg. But if you like a DAW that does the core functions very well, this is the way to go.
The Acon Digital Deverberate plugin (for echo) More
I’ve tried probably five echo plugins over the last six years. This is the one I always come back to, and although I need it less in my new studio that has carpet, I still keep it in my chain.
The iZotope Nectar 3 plugin (compression and noise gate) More
I’m a huge fan of iZotope stuff, and this Nectar 3 plugin turned out to be exactly what I needed just now for my latest podcast setup.
In my previous stack I had the RODECASTER PRO, which has a noise gate built into it. It worked quite well and best of all it was a hardware feature. When I switched to the Apollo/Hindenburg stack I lost that noise gate, which is much needed because the Neumann picks up everything.
So I added the Nectar 3 plugin with some compression and a noise gate that not only takes out any background noise from AC or whatever, but it also removes breathing sounds and even mouth noises. This is so important if you want to maintain high voice quality without having tons of unwanted breathing, clicks, and pops in your shipped product.
Next steps
The final thing I’m doing for my studio is adding sound dispersion and absorption. I’m ordering some GIK products that are art pieces for the walls as well as bass traps for the corners. Those combined with the carpet and added furniture might give me enough treatment to get rid of my de-echo plugin.
Summary
If you have a pretty quiet room and the funds to invest, I’d say this is a really solid stack for producing a show.
It’ll give you NPR-level voice quality combined with near-professional-grade (and automatic) removal of the noise between words and sentences.
Hope this helps someone on the same journey.
September 27, 2021
News & Analysis | No. 300
September 20, 2021
News & Analysis | No. 299
Apple did an emergency patch last week for a zero-day NSO exploit that installs its Pegasus tool. The attack affected every iPhone, iPad, Mac, and Apple Watch. The attack came in via Messages, and once installed, the software gains full control over the device. Citizen Lab alerted everyone to the issue, and the story is applying even more scrutiny to the NSO Group, which is an Israeli company that sells this software to governments all over the world. More
Researchers have compiled a list of vulnerabilities used by ransomware gangs. They include Pulse Secure VPN, Citrix, Exchange, Fortinet, SonicWall, F5, Palo Alto, QNAP, Sophos, SharePoint, Windows, Office, vCenter, Accellion, FileZen, Atlassian, Zoho, and Azure. More
Indonesia says at least ten government ministries and agencies, including systems from their intelligence service, have been compromised by a Chinese threat actor Mustang Panda. More
You’ll soon be able to sign in to your Microsoft accounts without a password. Instead, you’ll use Microsoft Authenticator, Windows Hello, a security key, or a login token sent via SMS or email. More
China disappeared one of its biggest celebrities from the internet. Her name is Zhao Wei, and she’s basically the Reese Witherspoon of China. Everyone knows her, and she just got Thanos snapped out of existence. She can’t be found on search engines, video sites, or anywhere. She was basically erased from Chinese history. This happened as China is in the middle of a crackdown on celebrity itself, which they say is unhealthy. It’s not clear what she did to anger the government, but it could be that she was simply too big and they wanted to make an example. I imagine a lot of celebrities in China are about to suddenly be very patriotic, and I imagine that’s exactly the point. This is the size of the weapon China is using in their Culture War 2.0. Erasure of Self. No matter how big you are. If you’re not sufficiently pro-Party. More
Vulnerabilities: Adobe, SAP, Microsoft, Chrome, TravisCI, Netgear Smart Switches,
Companies: Neosec raises $21 million to do API security. More Identity startup Persona valued at $1.5 billion. More
TECHNOLOGY NEWS
The Apple September Event: As someone who used to work in security at Apple, I’m extremely pleased that many of the rumors were wrong, which hasn’t happened in years. I saw the announcements as solid evolutions—much like an “S” release of the past. This piece says the 13 is a pitch-perfect 12. The two things I’m excited about with the phone (I’m getting the blue Pro) are the camera and the screen. I’ll also be getting the new watch when it drops, but I’m disappointed we didn’t see more watch faces. More than anything I’d like to see more creativity and flexibility there. Watch-wise, what I’m truly looking forward to is a round face. Who knows if that’ll ever happen.
Like 80% of web backends are written in PHP. Still. In 2021. The next closest competitor? ASP.NET, at 8%. Stunning. More
Intuit is buying Mailchimp for $12 billion dollars. More
HUMAN NEWS
A company called Amdocs did a study that found that around 30% of GenZ and Millennials have thought about switching jobs, but only around 15% of GenX and Boomers. So, around half. More
We finally figured out what made the Stradivari violins the best in the world after all this time. They were made from 1660 to 1750 and we’ve been unable to match their quality ever since. Turns out, it was the varnish. More
Women are nearly half of new gun buyers. More
Not sure how much this is anecdote vs. data, but Dr. Andrew Huberman says a colleague of his told him around 25% of students age 16-32 take unprescribed Adderall, and 5-10% also take Modafinil or Armodafinil. More
Some rich people are counting their antibodies. More
Antibody treatment is getting really popular, especially among those who don’t want to get vaccinated. The irony is that the treatments are quite new, and are basically cloned antibodies from Regeneron and Eli Lilly, which are companies not unlike Pfizer and Moderna. They’re happy to sit in a chair and be injected with cloned antibodies from a couple of pharma companies, but think it’s crazy to get a vaccine that teaches your body to make the antibodies yourself. Ultimately it comes down to conservative talk radio and podcast hosts promoting the latter and not the former. In other words, this country is doomed. More
California has the lowest COVID case rate in the country. Meanwhile, Alabama reported more deaths than births for the first time in its history. More More
CONTENT, IDEAS & ANALYSIS
It’s Time for Vendor Security 2.0 — My essay on our broken approach to vendor security, and what I think we should do to fix it. More
The Is-Ought Problem and the Ship of Theseus — How human perspective might be the missing piece to solving a number of timeless philosophy problems. More
My Thoughts on the OWASP Top 10 2021 — My analysis of the new OWASP Top 10 for 2021. More
Why People Aren’t Going Back to Work — This is a brilliant, video-based argument for why many people might not be returning to work. Essentially, because of millions being laid off from the COVID recession, people are figuring out most jobs are not dependable, and that illusion was the only reason they were willing to take so little pay in the first place. I think this is definitely a factor, but I think the percentage of people who are going to start a business and pursue their dreams is much lower than this person thinks. Many more will just decide to stay out of the job market as long as possible, i.e., by moving back home, living off a partner, etc. Combine those with the stimulus money, and I think you have most of the explanation. More
Unemployed Spies — There have been several stories now about former spies being hired as consultants in repressive regimes to track down dissidents. It’s starting to remind me of the Iraqi Republican Guard situation during the wars. We walked in and just disbanded the entire group, and what do you know—they became a major problem for us. The point is that I’m sure they’d rather have been doing something else, but working against their own government became lucrative and their kids had to eat. This is less extreme of course, but we seriously need to think about how to maintain moral employment for people with highly valuable and highly morally sensitive careers. Spies. Assassins. Etc. You can’t just train these folks up and wave goodbye at the end of their terms. Well, you can, but they might go work for a frenemy. And that’s exactly what we’re seeing. There should be some sort of permanent home for these types, in a friendly capacity, so that they don’t feel pressured to take their skills elsewhere. And that should be required to even fund and run the program in the first place. More
NOTES
I am seriously loving Sean Carroll’s The Big Picture. The concept of Poetic Naturalism really resonates with me. As does the idea of Effective Theories, which is basically a model of the way things work that will never change, even if we get better explanations for physics later on. More
I’m now knee-deep in the UL Book for the month, which is Mastermind. Book Club next Sunday! More
I’m looking for a new fantasy series. Suggestions welcome.
DISCOVERY
[ Sponsored Discovery ] Semgrep — As someone who’s been in Application Security for over a decade, I personally believe that Semgrep is the future of static analysis. That’s how excited I am about this tool. It’s been on my radar for a while now, I’ve talked about it before here on the show, and my friend Clint Gibler of TLDRSec also works there! Essentially, it’s a framework for searching for things you care about within code, within configurations, etc., and it’s wicked fast. So pretty much anything you want to check for, you can write a YAML rule for and integrate it into your workflow. It supports over 17 languages and is powered by over 1,000 community rules. If I had to rate my top security tools of the past few years, and make predictions for impact into the future, my top two would be Nuclei and Semgrep. If you do anything around static analysis—seriously—take a look. More Get Started
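To make the "write a YAML rule for it" idea concrete, here is an added example of the kind of rule the blurb describes. It is not from the post and not from Semgrep's own rule registry; the rule id, the file name, and the specific check (flagging Python subprocess calls that pass shell=True with a non-literal command, a common source of OS command injection) are my own choices for illustration.

```yaml
# Hypothetical rule file, e.g. rules/python-subprocess-shell-true.yml (name is an assumption)
rules:
  - id: python-subprocess-shell-true
    languages: [python]
    severity: WARNING
    message: >-
      subprocess call uses shell=True with a non-literal command. If any part of
      the command string comes from untrusted input this allows OS command
      injection. Pass the command as an argument list and drop shell=True.
    patterns:
      # Match any subprocess.<function>(...) that has shell=True anywhere in its arguments.
      # $FUNC is a metavariable, so run/call/Popen/check_output are all covered.
      - pattern: subprocess.$FUNC(..., shell=True, ...)
      # Do not report calls whose first argument is a plain string literal:
      # a fixed command with no interpolation is not the injection case we care about.
      - pattern-not: subprocess.$FUNC("...", ..., shell=True, ...)
    metadata:
      category: security
      cwe: "CWE-78: Improper Neutralization of Special Elements used in an OS Command"
```

Run it against a tree with `semgrep --config rules/python-subprocess-shell-true.yml src/`. The `pattern-not` clause is the part worth copying into your own rules: most of the effort in a good Semgrep rule goes into carving out the benign shapes so the finding list stays short enough that engineers keep reading it.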
Don’t be the Insecure Interviewer More
A Housing Theory of Everything — The idea that unaffordable housing is a meta-problem that causes most others. More
Men are giving up on college. More
Every engineer should do a stint in consulting. More
A Threat Intelligence Kanban Board More
Write Something More
RECOMMENDATIONS
James Clear’s newsletter is one of the few I look forward to every week. It’s just a few quotes, and it’s extremely concise, positive, and thought-provoking. Sign Up
APHORISMS
“Of all forms of caution, caution in love is perhaps the most fatal to true happiness.”
~ Bertrand Russell
September 19, 2021
Is-Ought, and the Ship of Theseus
In a previous post, I claimed to have a solution to the Ship of Theseus thought exercise.
The solution is perspective. When you ask whether something is different or the same, the answer is that it depends on where you’re sitting and how you see the world.
If you’re one of the planks on the ship, or someone who cleans the ship every day, the ship is probably not the same. But if you’re someone who gets a promotion every time the ship shows up, it is still the same ship to you.
I’m reading The Big Picture by Sean Carroll right now, and in it he introduces a concept called Poetic Naturalism, which is the idea that there are multiple valid ways of describing something—again—depending on who’s doing the describing—and depending on what’s useful within their context.
An example of this that I’ve used before is the concept of an airplane wing. If you’re talking about the layer of subatomic particles, or chemistry, there is no wing. It’s just atoms and quarks and such. But if you’re an airplane mechanic, wings are quite real. The answer to which is correct comes down to this: They both are—because both are useful within their context.
Another example is the human body and one’s identity. Our bodies are constantly being remade through cell destruction and growth. And our memories—which are at the center of who we are—are constantly being deleted, reinforced, rearranged, and adjusted as we sleep. If you’re looking at the level of atoms or even the level of biology, we literally wake up a different person every day. In fact we’re different from minute to minute. But we don’t consider ourselves different because the primary observers—ourselves and other humans like us—don’t see that incremental change as significant.
That brings me to the Is-Ought problem. Although the book doesn’t talk about it, reading it got me thinking about that puzzle in the same way. Is-Ought is an argument spawned by David Hume that it’s nearly impossible to determine what someone should do from looking at the world as it is. Or, put another way, it’s hard to move from descriptive statements to prescriptive statements.
I’ve not seen this argument in 15 years of reading on this topic.
I think the Is-Ought distinction is explainable in the same way as The Ship of Theseus.
Essentially, both need a third party to provide clarity. They both need a perspective—an observer—to cut through the confusion. For the ship, you cannot say whether it changed or not unless you also ask, “To whom?”
I think for Is-Ought, the analogous perspective is a human purpose.
It’s a goal or a desired outcome—a statement that we’re trying to accomplish X for humanity. Examples include trying to reduce the number of people who are suicidal or depressed. Or reducing world hunger. Or improving the long-term happiness of a population within a country.
Applying a goal in this way is like applying a strong magnetic field to a table full of iron filings. The filings are the IS, and they take on the pattern of OUGHT due to the external entity.
Not a perfect analogy because a magnetic field applies a force rather than providing a perspective, but still apt I think.
This is how to cross the gap between Is and Ought in a human context. And the irony is that Sean Carroll and Sam Harris have actually debated a similar topic, with Sean saying it wasn’t possible to use science to pursue moral questions.
What he was objecting to specifically was Sam’s Moral Landscape, in which Sam says you can bridge the distance between Is and Ought by applying science to a human problem. I suppose it would make sense that Sam’s work gets closest to this, given that he has been the most influential thinker on me since 2005 or so.
Effective theories will always be valid even if our understanding of underlying physics gets updated and improved.
It’s very strange that Sean doesn’t see the power of this perspective shift. Especially given his wonderful concept of Poetic Naturalism and his explanation of Effective Theories.
Much of his book is about how different ways of thinking about things are valid based on the level and context in which they’re observed. It’s not that far of a jump to realize Ought is just another instantiation of that.
Put another way, Ought = Is * Human Purpose.
So, no, you can’t get Ought from Is, but you can if you have a human purpose. Importantly, in order to establish this link, or to apply what’s in the Moral Landscape, you’ll need a society that’s advanced enough to apply science to extract the variables here.
Let’s take an example.
Let’s say we want to increase happiness for a population of highly depressed people in a country. And let’s say we have a super-advanced science function somewhere to do the work, as well as 100,000 years to conduct experiments, gather data, etc.
So, we have a measurement of their happiness, and we have measurements of attributes of the society. Measurements such as how open and free it is, views on sex, politics, the role of government, the role of religion, etc.
Let’s say it’s a highly repressive government that doesn’t educate its women, they don’t allow you to smile for three days a week, and they worship Fraun: the Goddess of Celibacy.
What a science-based approach could do is start trying different things in this society. They could move to a different kind of religion. They could educate everyone and pursue gender equality. They could start having recreational sex with each other. Or they could become a nation of hippies that believe nothing.
Over the course of centuries, given the right application of science, you could theoretically (for the sake of argument) try lots of different combinations. Maybe some experts thought you just needed to have a different god. Or that you needed more education. Or that they should increase no-smile days to 6 days a week.
The point is that they could try many of the major combinations of the variables on different places on their spectrums—all the while continuing to measure the happiness of the population. Keep in mind, some changes would produce some happiness for a few decades, and would then turn worse than the previous system. And some would look worse for a while and end up producing more happiness in the long-term.
Now, let’s say it’s 43,721 years later, and we’ve tried countless iterations and ended up with lots of societal configurations that each have their respective Population Happiness Scores (PHS’s).
Given another similar society, which is now asking for similar help, the question is this:
What should that society do?
We’ve learned a whole lot about Is. The Society Consulting team has over 40 millennia worth of great data. They know what works and what doesn’t work.
Now let’s say that in this new, primitive society they have someone named Hoome. He’s a smart Scottish man who believes it’s impossible to know what kind of society to build. It’s impossible to go from describing the world to prescribing what you should do within it.
I would argue he’s wrong. I would argue that yes—we do have a path to Ought. The path is simple:
We have a Human Goal, which is to increase happiness in society, and
We have science to provide the Is that tells us how to adjust our approach.
Using these two, we can absolutely determine a good path forward.
Also known as, what we “Ought” to do.
Summary
The solution to the Ship of Theseus problem is to add an observer as context.
The solution to the Is-Ought problem is to add a Human Purpose as context.
That context is what collapses intangible ideas like “the same” or “should” into something useful for the people that matter. Namely, humanity.
Notes
There are many paths to increasing happiness in this model, and we can decide which we want to use based on lots of criteria. This is why Sam called it a “Landscape” in his book. As he said, there are many peaks and valleys. His key point is that you can use science to map out that landscape.