Daniel Miessler's Blog, page 46

August 18, 2021

Fixing the “Not Responding” Error on the Logitech Circle View Doorbell


I struggled with this problem long enough to want to share a solution with everyone.

Things I had tried:

- Lots of restarts
- Resetting and rejoining
- Forcing 2.4 GHz WiFi vs. 5 GHz
- Trying a different unit altogether

Those sort of worked, but only for a few minutes or a few hours.

The only thing that I’ve been able to get to work is this:

Disable all lights on the device.

That means all the indicator lights, the night light. All the light things.

This leads me to believe, like so many surmised in the forums, that the device has heat issues. And basically if you’re doing any lighting, you’re adding heat and the device is shutting down.

That’s weak sauce, but I’ve not had my doorbell stop working or become unresponsive since I did this. So while I lost a bit of functionality I did get the dependability back.

Hope this helps someone.

Published on August 18, 2021 20:41

August 16, 2021

The EM Wave of Crisis and Appreciation


I remember the first time I learned about Maxwell’s equations in High School. They blew me away. Magnetism and Electricity—inexorably linked.

I wonder if humanity has a similar pattern with the two axes being:

- Crisis vs. Calm
- Appreciation vs. Laziness

Crisis vs. Calm is where we go from periods of war and suffering to periods of happiness, and then back again. World War II, followed by the 50’s for example.

And that leads to the next one, which is Appreciation vs. Laziness.

As a generation goes through hardship, they get hardened and learn to appreciate everything in life. Clean water. Not seeing their friends die. Having a job. Having a place to live.

Then they have kids in peacetime and they try to push that appreciation onto them, but most of it doesn’t stick. It can’t, because appreciation is based on experience.

This is why immigrants are the best thing to happen to any country. It’s because they’re in the appreciation phase of the cycle.

America was founded by immigrants. It grew because of immigrants. And much of its greatness today is due to new immigrants.

Find a place where it’s suffering and stuttering and you’ll find a lot of people in the “take it for granted phase” of the cycle. Like they’re owed something for having been here for a while.

You’re not owed shit. America only works if people have the Puritan/Immigrant work ethic. Hard work. Striving. Being grateful for everything you have.

When you don’t have that, you become complacent. Bitter. Angry.

This doesn’t mean everyone in this phase is lazy and doesn’t want to work. That’s not true. But what it often means is that they’re no longer willing to work harder than the immigrants. They’re not willing to outwork the next guy.

That’s when the decline happens. America was founded on people who were willing to outwork the other guy. And everywhere you see greatness, you find those people.

This is not meant to be a comprehensive model: merely an informative one.

So, what we see is a pattern like the following:

1. Major conflict happens
2. An entire generation suffers greatly
3. Afterwards they become extremely hard workers who appreciate everything
4. They build up society and some kind of happiness ensues
5. They have kids who don’t understand their parents’ obsession with work
6. There’s a period of stagnation
7. They have kids who lack meaning and purpose
8. This creates a vacuum which gets filled by external and strong ideologies, e.g., hate, religion
9. Major conflict happens
10. Repeat

Right now the West (and much of the world) is firmly in Phase 7, and is moving towards Phase 8.

We haven’t had world-scale conflict in a while, and there are many millions of people who feel they’re owed something. Like it’s being taken away by “those people”.

It’s a bad combo. It always is.

Phase 7 is good news if you’re in the ammo business though.

Published on August 16, 2021 01:06

Why is the NYTimes So Down on the US and the West?


I just kind of noticed that the NYTimes never has a positive view of the West. Of democracy over communism. Of capitalism over communism. Or really anything that the US does.

It’s all bad news. Constantly.

I’m not looking for a ra-ra “the USA is #1!” pitch either. That gets you Trumpism. No thanks.

Reality is complex and tends to sit in the middle of extremes. The US, and the West, are both highly flawed and the best thing going. Those can absolutely exist at the same time. And they do.

The US, Canada, Western Europe, and “the West” more broadly are without question the best places in the world to be if you’re a woman, a person of color, or a non-CIS person trying to thrive in society.

Yet if you read the NYTimes you hear the exact opposite. According to them, the rest of the world is a haven for those groups. That’s where they can go to experience true freedom without discrimination. And it’s the West that is oppressive towards them.

What the hell is going on?

- Why does this narrative exist?
- Is it accidental or on purpose?
- If it’s on purpose, who’s pushing it? And why?

I guess the logical answer is that it’s accidental, but that it’s become popular with young journalists, so it’s become on purpose over time.

In other words, it’s “in” to be anti-Western. We’re the bad guys. We being the extremely white, liberal, educated people writing the paper.

So it’s like healthy self-attack, for the purpose of improvement.

I get that. And it definitely can be healthy in some measure. But at some point medicine becomes poison, and I think the NYTimes has crossed that line.

Racism, police violence, gender equality—these issues all remain problems that need to be addressed. I’ve not seen a single center-leaning person disagree with that.

But damn, we can’t continuously bash ourselves and hope for any self-respect. Any therapist will tell you that.

“How do you talk to yourself?” is one of the main paths of therapy these days. It’s the idea that depressed and anxious people are often repeating horrible things to themselves all day long. And therapy involves finding nicer things to say to oneself.

The NYTimes needs some of that therapy.

LGBTQ people are not better off in Latin America, or Africa, or the Middle East, or in Asia.

It’s worse. Way worse.

Have some fucking self-respect. And stop telling us, and yourselves, how much we suck.

We’ve got a long way to go, but we’re doing ok.

At some point you become part of the problem by making it seem way worse than it is.

Dear NYTimes. Stop being part of the problem.

With Respect and Love,

A loyal reader and subscriber who still considers you the best paper out there

Published on August 16, 2021 00:32

Apple’s Privacy Misstep


First off, I’m highly biased towards Apple. Have been since 2007. I camp for every major release. Yeah, one of those people. So what follows comes from love.

They just fumbled this one. To me it wasn’t completely about what they did or didn’t do. To me this is 90% a messaging problem. They fired their “trust us we’re Apple” gun one too many times, and this time it didn’t land.

Here’s what I think they should have said:

- Most big tech companies have CSAM policies where a database is looked for within your media, and reported if found.
- We absolutely see the need for CSAM protections, but have been extremely wary of building such a capability in the past due to our heavy emphasis on privacy.
- So we’ve been working for years on a solution that would allow us to do both: protect children, and protect privacy.
- Today we’re announcing that this system is now complete, and we’re ready to roll it out.
- It looks for this and this, and protects your privacy with this and this.
- TL;DR: The whole industry already does this, and now we’ve implemented our own version that is more privacy-focused than what currently exists.

The key, as you probably see, is to point out that this is a common, normal thing. And that they were holding out on their implementation to be MORE privacy-protecting.

Instead, the message landed like this:

Nobody else is doing this, because they protect your privacy. We’re the first to implement anything like this, and we’re going to go through your stuff in the following ways and report it to the government if we see something we don’t like.


That’s bad. Real bad.

I’m worried they’ll lose users and market share over this for many, many years. And I think it’s largely a communications issue.

The second issue that bothers me is that this same communications problem might have opened the door to government to ask for more stuff. Or China, for example.

They had a very firm stiff arm out saying, “Not on my watch.” before (see FBI/San Bernardino), but now they seem to have said there exists a new mechanism for 1) looking for things, and 2) reporting on things.

So the next time a San Bernardino happens, it feels like the government will have more leverage to force the door open.

Anyway, I remain a fanboy, but it doesn’t mean I have to like or defend everything they do. I put integrity above all allegiances.

So, yeah. This one disappointed me.

Published on August 16, 2021 00:02

August 15, 2021

I’m So Very Sad About Afghanistan


I’m really sad about Afghanistan. And angry.

I didn’t serve over there, but have many friends who did. Friends who lost friends over there.

I’m upset about what America has lost over there, and how it seems we should have known this day was coming for decades. I’ve been saying all along that 20 minutes after we stop nation-building it’ll be like we were never there.

But I’m not an Afghanistan expert. And few people commenting on Twitter are.

We know for example that all of what we did so far doesn’t help us going forward. But what we don’t know, or at least what I don’t know, is how much our time there helped us in the past.

Perhaps being there really did keep some kind of fight there instead of elsewhere, and perhaps that had significant value. I don’t know. I’d like to know.

I live in the Bay Area, the location of the largest Afghan diaspora in the world. I just feel so bad for all the people who are here and who are now cut off from their family back home.

Many of whom probably tried to leave before the Taliban took over the airports.

I mourn for the little girls who won’t be going to school. We just put a damp cloth on a million little candles of potential in that country. Girls who will never be educated. Girls who will become chattel to be traded and used.

I’m disgusted with humanity for allowing this to happen. It feels very similar to Syria, where the kids there have nothing. No schools, no jobs. No futures.

And what about terrorism in those places now?

What’s the plan for controlling extremism pressure generation in those places now? We all know what happens when you have extremist religion, poverty, and young men.

What’s the plan? Satellites and bombing runs?

That hasn’t even worked while we were in-country. How well will it work from outside?

I’m just at a loss. Such a fucking travesty.

Published on August 15, 2021 23:31

Machine Learning is Pattern Matching For Things That Matter to Humans


If you’re reading this you’ve probably heard many explanations of AI and ML. Some good. Some bad. You’ve probably understood them all, but found them somewhat…unsatisfying.

It’s like they almost capture it, but not quite.

I think I have an explanation that will make it permanently click—like understanding detonating in your mind.

You can also call this AI because AI is the parent of ML.

Machine Learning is a way to pattern-match for the most important questions in human life.

Think of the important questions to humans—from 1,000 years ago, a decade ago, from yesterday, or for 2073. The questions always revolve around the same topics: Safety. Security. Business. Protection. Relationships. Danger. Love.

This is what movies are about. This is what wars are fought over. These are the most important things to humans, and much of the business world is based on answering questions related to these topics.

Here are some examples:

- Is he carrying a weapon?
- Am I in danger right now?
- Is this true love?
- Is this mole cancerous?
- Is this person lying to me?
- What emotion is this person feeling?
- Should I hire this person?
- Is this transaction fraudulent?
- What is the perfect song to play in this situation?
- What should I say to make him fall in love with me?
- Is this my kid?
- Is this customer angry?
- Is this an attack on my computer network?
- Is this a good business deal?
- Should I date this person?
- What kind of illness does she have?
- Is this a solid legal contract?
- Did that customer have a good experience?
- Has this account been hacked?
- Should I buy this house?
- Will this person buy from us again?
- Will it rain in the next week?
- Did she cheat on me?
- Is that a star or a dangerous asteroid?

Traditionally we have relied on elders and experts for these answers. Not only was a human required, but it had to be our best humans. The wisest. The most educated. Those with the most experience.

That’s why Machine Learning is so important. That’s why you see so many AI startups. That’s why companies are investing in it so heavily.

It’s because ML has finally made it possible for machines to answer these questions. And to answer them better—and faster—than any human. At scale.

When you think of ML, don’t think about tech. That doesn’t begin to capture its importance. Think about humans, and eternal human questions.

Machine Learning is important because it’s addressing those questions in a way that humans have never been able to.

Notes

I recommend my other post about a similar topic related to ML.

Published on August 15, 2021 16:01

August 12, 2021

What Happened to the IDW?


Sam Harris is the last remaining sane person in the IDW, and he’s not even in it anymore. He renounced it a few months ago based on its sheer lunacy.

But now with all this antivaxx stuff I think the situation has gotten much worse.

Being super smart and educated is clearly not enough. The Weinstein brothers are super smart, nice people, with lots to say and lots to offer. But I repeatedly see Eric boosting stuff that makes me cringe. And his brother Bret is just outright broadcasting it, not just boosting it.

And I still like Rogan, but over the last few months he’s been moving into the “just asking questions” mode as well. On UFOs especially. He’s basically just having fun talking to people who have wacky ideas that could—conceivably—have some sort of merit. Maybe.

That’s a low bar, and I’m already busy.

So meanwhile Sam, who is one of the OGs of this entire space, is increasingly alone. He’s found a way to stay firmly in the center while everyone else seems to have fallen off the edges.

His friend Majid? He’s gone crazy about vaccines and all sorts of things. Eric and Bret? They’ve let their skepticism metastasize into a loss of common sense on risk management. It’s a numbers game. Simple numbers. But they can’t do the arithmetic because they’re too busy trying to do linear algebra.

Ben Shapiro? Super sharp still, but he can somehow look at everything Biden is doing and say that Trump was better for the country. Seriously? Like I’m with him 90% when he’s bashing the extreme left, and how much damage they’re doing to their own causes.

But instead of stopping there, and bashing the right just as hard, he somehow concludes that Trump was right on the big things, and he just had a personality problem that was slightly unseemly.

Peterson. Well, he’s still solid on his main points. And I love him on the search for meaning, especially in young men. But once again, he can’t stay on solid secular land when doing so. I get that religion is being more important to him. I get it. Especially given what he went through. I respect it. I respect him respecting religion. Hell, I respect religion now too.

But once again, you have to stay clear-headed enough to see the downside at the same time.

That’s what’s happening to us right now. We’re taking so much pressure on our shoulders, while standing on the tip of a triangle, that we’re being forced to fall down one of the two sides.

Jordan falls towards religion. Majid falls into another form of extremism. Joe goes looking for aliens. Eric and Bret become vaccine-truthers.

What the fuck is happening.

Like Sam can’t even have his old crew on the show anymore because they’re crazy.

It’s unbelievable.

What this has reinforced for me is that it’s not the IQ, or common sense, or education. Tons of Ph.D.’s, engineers, nurses, and even doctors are all about some antivax.

It’s clearly not about traditional credentials or attributes. It’s something different that steels one against such idiocy. I’m not sure what it is, but we better figure that out before we unravel ourselves.

It’s pretty damn hard for an algorithm to figure out information from misinformation when the people with legitimate credentials are spewing nonsense just like the mouthbreathers.

Like we’re staring reality directly in the face, as a country, with all of our hospitals filling up again with the unvaccinated. People getting sick. People dying. Healthcare workers pleading with people to get vaccinated.

And you can have doctors, nurses, Ph.D.’s, look at that data and ask about the vaccines. After we’ve administered tens of millions of them with very few negative effects.

This is the level of stupidity that can unmake a society.

If you’re that fucking disconnected from reality then people can literally say anything to you, like 2+2=4, or 1+1=5, and you can deny the first and accept the second.

This has to break. The bubble has to burst. We can’t survive like this.

And in the meantime, Sam, keep fighting. I’m here with you.

Published on August 12, 2021 23:21

August 9, 2021

News & Analysis | No. 293


SECURITY NEWS

DEFCON 29 (2021) Videos are already up! Normally that takes weeks!

NSA and CISA have published a 59-page Kubernetes hardening guide. The recommendations are what you’d expect. Scan for vulns, least privilege, authN/authZ, logging, etc.

Deputy National Security Adviser Anne Neuberger said the administration thought about banning ransomware payments, but decided against it because they didn’t want to drive the activity further underground. I think they made the right choice.

CISA Director Jen Easterly launched a new partnership with Amazon, Google, and Microsoft to attack cybercrime. The collaboration is called the Joint Cyber Defense Collaborative (JCDC), which includes a total of 20 companies, and will focus on shared insights, shared situational awareness, and developing national cyber-defense plans for protecting critical infrastructure.

Google is killing off Android 2.3.7 and lower next month because they don’t support its improved login security.

Apple is taking scrutiny for a new system it calls neuralMatch, where it will alert on images it believes might be CSAM, and if they hit a certain threshold they’ll be shared with relevant authorities. Apple has a great record of doing the right thing here (full disclosure: Apple Fanboy here), but many are worried that this can be seen as a foot in a previously closed door for government access. It feels like it’ll be harder to take another anti-FBI-backdoor-like stance after this.

Windows 10 is going to start blocking malicious-acting apps this month. Their technical term for them is PUA, for Potentially Unwanted Apps, meaning they’re not quite malware but they kind of act like it. So like, advertising, cryptomining, bundling, marketing, or apps with a bad reputation.

There are scammer services that will ban Instagram accounts for $60. You have to love market economies. You can pay for good reviews, and you can pay for bad reviews. And now you can pay to knock a competitor’s account offline.

The Pentagon is experimenting with a system called GIDE which uses lots of cloud data and AI to attempt to predict the future “days in advance”. Some serious movie-plot stuff.

Vulnerabilities: There’s a zero-day RCE in Cisco Firewall Manager. Google has released security updates for Chrome.

Incidents: Chinese cyber actors are going after Southeast Asian telco companies. They’re believed to be targeting telcos to get a foothold for larger espionage campaigns.

Companies: Reversing Labs has raised $56 million to help address supply chain security. Nozomi Networks has raised $100 million to do OT and IoT security.

TECHNOLOGY NEWS

Caltech just got $100 million to put solar panels in space and beam the energy down to Earth. I’m all about it, but that second part scares the crap out of me. I’m thinking about all our OT security problems and imagining the software that makes sure the microwave beam is pointed at the right place.

TikTok now has a resume feature, and if they get popular enough they could bring video resumes into the mainstream.

GETTR, the pro-right social media platform that prides itself on not filtering content, is being flooded with Islamic State propaganda.

China has quietly released new guidelines requiring that hundreds of items including X-ray machines and MRI machines be purchased from Chinese companies, which places increased pressure on foreign companies trying to sell into China.

Tesla Cybertruck production has been delayed until 2022.


HUMAN NEWS

China is exerting pressure on social media companies that elevate celebrities as people to look up to. This is part of their new trend of acting like the Ministry of Wholesomeness. A few months ago they came out against male celebrities looking too feminine, and set off on a campaign of promoting masculinity in young boys. It’s getting pretty Orwellian for sure.

Pearson has announced a subscription for college textbooks. You can pay $9.99/month for one textbook, or $14.99 for the full library.

US gun sales continue at unprecedented levels, and suppliers are struggling to keep ammunition in stock.

A fourth law enforcement officer who responded to the January 6th attack has committed suicide.

There’s been a 13% increase in the number of law school applicants, which is the biggest jump since 2002.

Disney has released more information on its Star Wars hotel experience, which is basically a hotel stay that doubles as an immersive Star Wars experience. But it’s basically for the rich, with a two-person stay starting at around $5,000.

Biden has extended the pause on student loan payments to January 21, 2022.


CONTENT, IDEAS & ANALYSIS

Patterns in UL Daily Routines — Our UL community posted our daily routines in our Slack channel and had a bunch of discussion around them, which was really fun. In this post I look at some of the commonalities between them.

The Strange World of “Good Enough” Fencing — A short piece on the weird economics and psychology of fences and locks.

Everything is K-Shaped — My thoughts on how much more than the economy is K-Shaped right now.

How to Initiate Contact With a Mentor (2019) — My guide to reaching out to potential mentors to get the best results.


NOTES

I finished This is How to Lose the Time War, and I’d say it was…delightful. It’s what short science-fiction should be.

I’m also re-reading Dune, for our book club, and it’s decidedly not short science fiction.


DISCOVERY

[Sponsored Discovery] F5 Labs 2021 Application Protection Report: Of Ransom and Redemption — This year’s report used data from more than 700 data breaches, attack intelligence from the F5 Security Incident Response Team (SIRT), and other open source intelligence. The two big themes in the report are the rise of ransomware in 2020 and the enduring popularity of formjacking-style attacks (such as Magecart) against organizations that take payment card information. We also identified patterns between organizations’ data types and how they are likely to be targeted. Organizations that take payment cards for any reason are most likely to be compromised through a formjacking attack. Conversely, organizations whose stored data is harder to sell are much more likely to be attacked with ransomware. This provided the clue to understanding why ransomware is such a problem right now. Attackers have figured out that ransomware is a shortcut to finding a buyer for stolen data that is nonfungible—by selling it right back to their own victims!

“Linux is only free if your time is worthless.”

“The Gini index of OnlyFans is 0.83. The most unequal society in the world, South Africa, has a Gini index of 0.68.”

Clubhouse is a Cargo Cult

ATO-Checklist — A list of considerations when designing a sophisticated program to deal with account takeover threats.

So You Inherited an AWS Account

Apple is Now an Antifragile Company

Git Quick Statistics — A list of statistics for a given repository.

An Introduction to Semgrep

IPO Brief — A list of this week’s hottest IPOs.

The Importance of Improving Indoor Air Quality

AutoRecon v2 — A multi-threaded network recon tool that performs automated enumeration of discovered services.

Haklistgen — Turn any text into a usable wordlist for brute-forcing.


RECOMMENDATIONS

Listen to this episode of the Prof G podcast with Josh Wolfe as the guest. He talks about regulations in China, crypto, and all sorts of really interesting topics. One of the best interviews I’ve heard in months, on any show.

Do me a favor and add the podcast to your Spotify.


APHORISMS

“Educating the mind without educating the heart is no education at all.”

~ Aristotle
Published on August 09, 2021 01:14

August 8, 2021

Patterns in UL Member Daily Routines

We recently asked members in our Slack channel to post their daily routines. I was pretty sure there would be some great ones, and I was not disappointed…

This Content Is For Paying Members

Published on August 08, 2021 15:17

August 5, 2021

The Strange World of “Good Enough” Fencing

[Image: fence lock]

I’ve always been fascinated by security that was “just good enough”. I think lots of security actually qualifies (see The News), but I think fencing (and maybe bike locks) take first prize.

As a kid I used to love breaking into stuff. Nighttime construction sites. Abandoned buildings. Whatever. And the older I got the more I started paying attention to how silly most fences are.

They’re like, suggestions. They’re like the opposite of winks. They scream at the top of their lungs,

Um, like, maybe don’t come in via exactly this spot. Unless you want to. That’s totally fine too.

A fence


So I was walking around earlier today near a construction site and saw all the different fences that were keeping people out of the area after hours. It was hilarious. Like I was snapping photos and laughing out loud, which people normally only do while texting.

Nobody OPSEC me based on the atomic composition of the fence please.

The first picture at the top was a classic—a 5-pound chain threaded through one link of the cheapest fencing available on Sol-3.

Oh, and then look at this one. This one will keep anyone out, as long as that anyone doesn’t have a wrench.

[Image: no wrench. Caption: Who even has wrenches tho]

And the further I walked, the funnier it got.

This one was just a piece of wire. I opened it with my ultra-soft IT-person fingers.

[Image: finger wire. Caption: But it’s also a puzzle so that helps]

And then after a few more feet, I came to the next fence challenge…

[Image: invisible shield. Caption: Probably sensors and lasers and stuff, so I didn’t risk it]

That’s right, you can just like…keep walking…for a few feet and just find a spot with less fence. In this case, no fence.

So we’ve got the one-link defense, followed by the twisty-tie defense, followed by the invisible-section defense.

But here’s the crazy thing: was the place being raided? Were people behind the barrier? I talked to a security guard there, and did they tell me there was a lot of theft?

No. Virtually none.

Why?

Because of the fence.

It’s a strange world where so many security systems hover at this nebulous barrier between nothing at all and something substantial. And any nudge in one direction would push it over the line.

Doing better than a twisty-tie? –> Way better security. Someone actually wanting to go inside? –> One could spend three times as much and it wouldn’t stop them. These paper fences stop lumber thieves, and taking your shoes off at the airport probably stopped dozens of shoe bombers.

Until it doesn’t.

It’s getting hard to make fun of Security Theater when it seems to work so well.

As it turns out, the right amount of security—by definition—is that which is “good enough”. The clue is in the name.

It’s a perfect economic dance. Reduce the Theater by just a shade and you lose all your lumber. But spend $0.37 on an extra rusted twisty-tie and you’ve wasted money.

I see a lot of security systems this way now, and I can’t unsee it.

Notes

- It’s the same for residential locks. Trivial to pick, and they have been for decades. But they’re good enough.
- Also reminds me of Why Software Remains Insecure.

Published on August 05, 2021 02:01

Daniel Miessler isn't a Goodreads Author (yet), but they do have a blog, so here are some recent posts imported from their feed.