Daniel Miessler's Blog, page 48

This Content Is For Paying Members

Subscribe

Already a paying member? Login

[image error]

SECURITY NEWSCISA has released analysis of its RVA (Risk and Vulnerablity Assessment) programs for fiscal year 2020. It looks at the top findings in the assessments its done and maps them to MITRE’s ATT&CK framework. Really cool stuff here. More Report

Biden asked Putin on Saturday to disrupt the ransomware groups operating out of Russia, and said that the US will take “any necessary action” to defend itself. That’s strong language, but I don’t think it’ll be heard unless it’s accompanied by supporting action. More

The FBI says attackers are using technical support fraud, SIM swapping, and crypto exchange credential attacks to go after peoples’ crypto wallets. More

Microsoft has released out-of-band updates for PrintNightmare. More

A new piece of malware called BIOPASS is a RAT that side-loads OBS to record victims’ screens. More

Zencity is an Israeli data analysis firm that provides anonymized and sanitized trend information on social media, especially as it relates to misinformation. They already serve 200 agencies in the US and market themselves as providing trend data without revealing sensitive PII related to specific people. More

Microsoft paid $13.6 million in bug bounties in the past year. If this was ten times higher it wouldn’t seem too high. More

The Pentagon has canceled Microsoft’s JEDI contract, and is restarting the bidding process. More

We continue to see fallout from the Accellion hacks, with Morgan Stanley announcing a breach as a result of the attacks. Same with Blackbaud, and Solarwinds, and lots of other supply chain attacks. It’ll take years before we know how broad and deep they actually went. More

Amass (OWASP) has a new feature collaboration with SecurityTrails where you can share the subdomains you’ve found for a domain with the community.You add your SecurityTrails API key to Amass and use the -share flag to publish what you found to the API. Very cool! More

Palo Alto’s Unit 42 has analyzed REvil’s tactics and found them to be depressingly basic. Phishing, credential-stuffing RDP servers, etc. Depressing, yes, but why do something more advanced when the simple stuff keeps working? More

Recorded Future has detected Chinese APT group TAG-22 going after Nepal, the Philippines, and Taiwan using Winnti and other tools. More

China’s cyberspace regulator just said any company with more than 1 million users needs to go through a security review before offering shares overseas. The goal is to prevent the foreign listings from allowing an avenue for foreign government influence into the companies, and therefore into China. More

Jack Cable of the Krebs Stamos Group has launched a new tool that tracks ransomware payments, called Ransomwhere. More Tool

Vulnerabilities: CISA has released a security advisory for Phillips Hue PAC products. More Cisco has released updates to its Web Security Appliance and Business Process Automation products. More Western Digital users need to worry about another RCE. MoreIncidents: Insurer CNA reports a data breach after its ransomware incident. MoreCompanies: NanoLock Security raised $11 million to continue protecting OT devices. More ZeroFox acquires dark web threat intelligence company, Vigilante. More
TECHNOLOGY NEWSA number of startups are using AI to create realistic voice and video for digital assistants, video game characters, corporate videos, and advertising. More Sample

Facebook is building a new city near its headquarters called Willow Park. It’ll be a self-contained city with 1,729 apartments, a hotel, and supermarkets, cafes, restaurants, parks, and a pharmacy. It’ll allow the company to employ 3,400 more employees at that location. More

Tesla has started rolling out its long-delayed Full Self Driving software update. Or at least it’s closer to fully autonomous driving. It enables numerous multiple features that get us closer, such as lane changes and turns off the highway. Turns out this whole thing was harder than Musk thought it would be. More

Visa said it’s partnering with 50 crypto companies to allow customers to use digital currencies. More

Amazon is selling COVID test kits for $39.99 in the US. More

TikTok is inviting users to send video resumes to participating companies, including Target, Chipotle, Shopify, and others. Whether we like it or not, a lot of jobs come down to charisma and likeability, especially in customer service. Plus we know legacy hiring is horrendous. So I can see this being really successful. More

Amazon has been instructing managers not to tell employees whether they’re on a performance plan unless they ask. More


HUMAN NEWS59% of Americans thought they were “thriving” in June, which is the highest percentage in over 13 years of measurement. The previous lows were at the worst parts of the 2008 financial crisis and the pandemic, both of which were at 46%. More Graphic

A Yale study has shown that psilocybin repairs brain cells in mice that have been damaged by depression. More

Cubans are protesting for freedom in some of the largest pro-change gatherings in decades. I’m sure China will be watching this closely. More

Death Valley hit 130 degrees recently, matching Earth’s highest recorded temperature in 90 years. More

New research in the journal Cell claims that neurons don’t just encode information in the rate of their firings, but also in their timing. It’s believed that this could explain how humans learn so quickly. More

The President of Haiti was assassinated in his home, and there are Americans among the suspects. More

A UC study found that there actually wasn’t a massive migration out of California. They said there was a migration out of San Francisco, but that 2/3 of those people stayed in the Bay Area and 80% stayed in California. More

CONTENT, IDEAS & ANALYSISGetting Good — A quick thought on how to get really good at something. More


NOTESI finished our book club book in like two days after we selected it, and I’ve read two others since then. Getting the reading in! I’m currently re-reading a bunch of Mark Manson stuff.

I’m looking at installing a reverse osmosis system at my main sink. If anyone knows the best brand/options/tips, please pass them along. I am not sure I’m going to do a water softener for the whole house. Seems rather drastic, and I’m worried about it affecting other plumbing. But the water filter—yeah, that’s a must. Can’t have good coffee without good water. Any tips appreciated.


DISCOVERY   [ Sponsored Discovery ] INKY — INKY uses machine learning and computer vision to identify and block zero-day phishing emails that get through legacy email systems. Using the most advanced detection techniques INKY blocks malicious phishing attacks on Microsoft O365, Exchange, and Google Workspace. I know and have worked with the team over there, and I use this service myself. It’s fantastic and if you’re in the market for email security you need to add them to your list. Get a Demo

Security Scorecards — Automated analysis and ratings of open source project secure using a scorecard system. More

It Was All a Dream — A Python-based PrintNightmare vulnerability scanner that lets you test entire subnets for the issue and get the output as a CSV. More

Hakrawler —A Go-based web crawler for gathering URLs and JavaScript paths. More

Codingo shares his recon approach using SecurityTrails, FDNS, WHoxy, and other tools More

Geneology of Nassim Taleb’s Incerto More

A FASCINATING interview about how products are less differentiated by features these days, and are increasingly standing out due to their story and messaging. Must read. More


RECOMMENDATIONSIf you have a NAS, make sure it’s not connected to the internet. If you look at all these QNAP and Western Digital RCEs, and you consider what most people have on their NAS, it’s probably not worth it to have it online. These companies tend not to be staffed with the security expertise to host your most sensitive data online. Go into your interface Make sure the system is up to date Make sure you have a strong, non-default password Take it off the internet Help your less-tech-savvy loved ones do the same
APHORISMS“You are the artist of your own life. Don’t hand the brush to anyone else.”

~ Iva Ursano

If you want to get good at something, do it. If you want to understand something, teach it.

And if you want to master something, do both.

There are brilliant practitioners who have no idea how their craft works, or why they’re good at it. And there are fantastic teachers who couldn’t make a living as practitioners.

Strive to understand your thing well enough to teach it, and to practice it well enough to be a professional.

Each aspect will enhance the other.

This Content Is For Paying Members

Subscribe

Already a paying member? Login

[image error]

SECURITY NEWSMITRE has released D3FEND, a defensive counterpart to its offensive ATT&CK framework. It not only has its own separate ontology for defensive activities but also maps them to their offensive counterparts. “In other words, see what stops what.” More D3FEND

The cyberinsurance market is facing major headwinds right now, largely due to a surge in ransomware payouts. The average paid loss went from $145,000 to $358,000 in the last year, and the DCC metric that looks at direct loss plus defense and cost containment jumped from 42% to 73%. This is forcing companies to raise their premiums to cover some of those costs. More 

Ant Group is in talks with China’s state-owned company infrastructure to use Ant’s massive datasets for credit scoring. Another example of China’s government flexing on the private sector. More

Microsoft mistakenly signed a rootkit package that’s being used in gaming environments. It’s called “netfilter”, and it has been seen communicating to Chinese C2 servers. More

GroupSesnse says Monero is rising in popularity with ransomware gangs due to it being harder to track. More

HIPAA allows hospitals to sell patient data as long as it’s anonymized. So lots of companies are looking at how to make money off all that data. What could go wrong? Improper anonymization, for one. More

The STIR/SHAKEN technology to stop robocalls is set to become enforceable on June 30th. On that date the major carriers (AT&T, Verizon, T-Mobile, Comcast) will need to start authenticating the source of calls to ensure CallerID isn’t being spoofed. More

Vulnerabilities: There’s a CISCO ASA vulnerability that’s being actively exploited. More Zyxel firewalls and VPNs are under active attack. More If you own a MyBook Live network storage device from Western Digital, you’ll want to take it offline before it gets compromised/erased. More VMware has released security updates. MoreIncidents: New York City’s law department was penetrated due to an email password. Data lost include childrens’ criminal records, medical records, and personal data for thousands of employees. MoreCompanies: Bit Discovery has raised $4 million in the Attack Surface space. Congrats to Jeremiah and team! More Splunk launched Splunk Cloud Security, and pulled $1 billion from Silver Lake. More PagerDuty is getting into remediation. More Illumio has raised $225 million to protect multicloud and edge. More Graylog pulls $18 million to manage and analyze log data. More
TECHNOLOGY NEWSMicrosoft announced Windows 11, which has a clean new glassy interface, and claims to focus on freedom and choice. It will be a free upgrade. They’re building Teams into the OS, which doesn’t make sense given the fact that 1) nobody seems to like Teams, and 2) what happened to Skype that they paid like $9 billion for? More More

Andreessen Horowitz has launched a new $2.2 billion crypto fund. More

Microsoft has closed above a $2 trillion market cap for the first time ever. More

A new study out of MIT and Boston University says that automation caused up to 70% of middle-class job loss in the US in recent decades. Hardest hit were vehicle manufacturing, printing and publishing, and the manufacture of rubber and plastic products. More

Google has decided not to stop using third-party cookies until 2023. More

A number of Google executives are becoming worried about the company’s future. More

iTV has a story saying Amazon destroys millions of items each year rather than finding something productive to do with them. More

Amazon has acquired Wikr, an end-to-end encrypted communication technology. More

Companies: SafeAI raises $21 million to retrofit dump trucks, bulldozers, and similar with autonomous tech. More Rasgo is a Github-like repository that helps data scientists explore, clean, join, and and transform data sets for machine learning models. More
HUMAN NEWSThe US economy is up 6.4% in Q, and estimates are that Q2 will be even higher. More

The Labor Department says a record 4 million people quit their jobs in April. More

McKinsey has identified 56 foundational skills that will help citizens thrive in the future of work. They’re broken into 4 categories and 13 skill groups. More

DeepMind says Reinforcement Learning is powerful enough of a technology to create AGI over time. In short, they believe that if you game smart AI against itself, in different types of scenarios, it’ll eventually learn how to do enough to be considered generally intelligent. The paper talks about “instantaneous calculation” and “perfect memory”, allowing computers to outperform humans at almost any task. This is big. More

In a survey of over 200 police departments, retirements were up 45% and resignations were up 18% compared with the previous 12 months. More

Nearly all US COVID deaths are now unvaccinated people. 150/18,000 of the deaths in May were vaccinated, or .008%. More

Belong Gaming has opened the US’s first esports gaming center in Houston. More

California is paying off all COVID-related past due rent. More

A survey has found that men are losing their close friends. In 1990, 3% of men said they had no close friends, and that’s now 15% in 2021. And just 15% say they have 10 or more close friends, as opposed to 40% in 1990. More

China is sending people to Mars in 2033, with plans to build a base there in a second phase. I’m happy to hear it, but I think Musk and others will be there by then. More

Amazon is continuing its rollout of “grab and walk” grocery stores in London. This includes larger stores, not just the little ones. Scan your app, walk in, take what you need, and walk out. More

Oakland, CA is redirecting $17 million from their police budget, which translates to around 50 police officers. I think defunding police is a horrible idea that mostly affects communities that need police the most. More


CONTENT, IDEAS & ANALYSISSummary: NOISE — My summary of Daniel Kahneman’s latest book, NOISE. It’s all about how things like medicine, hiring, and all types of judgment are plagued by inconsistency, and what you can do about it. 10/10. More


NOTESWe had Book Club on Sunday, and it was brilliant. Lots of great discussion about Speaker for the Dead, and we picked our next book as well. Come join us for the next one!


DISCOVERY   [ Sponsored Discovery ] Privacy.com — Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. This is great for paying subscriptions or one-time payments, especially if you’ve had issues with card compromises in the past. Head to privacy.com/unsupervisedlearning and get $5 when you sign up. More

DJ3D Louvre — Walk around the Louvre as a 3D MMORPG. More

Realtime Voice Cloning — An implementation of multiple papers that allow you to clone a voice using Pytorch. More

Key Differences Between TLS 1.2 and 1.3 More

How Reddit uses its millions of users to moderate content. More

How to Properly Build Remote Teams More

A group of academics partnered with the military to try to predict the next war using novels. More

A history of all Googles’ various messaging apps. More

Nightmare — A reverse engineering course based around binary exploitation, built into a CTF structure. More


RECOMMENDATIONSNOISE — The latest book by Daniel Kahneman on how there’s often far more variation and error in expert judgments than we think. And how to address it. This along with Thinking Fast and Slow and Superforecasters are my new Holy Trinity of books on clear thinking. More


APHORISMS“It’s simple to be happy, but hard to be simple.”

~ Rabindranath Tagore

This Content Is For Paying Members

Subscribe

Already a paying member? Login

Several years ago I wrote a piece called Algorithmic Learning, and then another one here.

This will be the third in the series, as evidently this is an idea I can’t get out of my mind.

The concept is this: There are two main ways we learn—passively and actively. Or as I put it before, via osmosis or via algorithm.

Here’s another way to look at it.

Imagine you’re moving through life and you have two things to help you—a pair of magical glasses, and a magical notebook.

Everything you hear, see, study, and otherwise learn from either modifies the notebook, or it updates your glasses to see the world in a different way.

So when you get ready to do a particular task—say, to create a new deck as part of a presentation—you have two ways of benefitting from your experience.

You can see or think about the world in a passive, indescribable, and fuzzy sort of way, orYou can turn your notebook to the page titled, “How to make a presentation” and look at your current best methodology

As an example for the first, lens-based approach, maybe read a book about how presentations are all about telling stories, and that slides should just be background imagery that support that story. In that scenario you’re not thinking of any specific part of a book; it’s just that you no longer see—for whatever reason—that slides will be the center of your talks from now on.

That’s one way for your talk to improve.

In the second example you open your notebook (or Github for me, actually), and look at your current optimal deck-making recipe. You can see that 3 years ago you started by creating a deck, deciding on fonts, and moving from slide to slide working on the ideas. And now, looking at the updates that have been made to the methodology, you see that step number one is to start with a bulleted outline. No slides. Just text that tells the story.

In both cases we’ve altered how we will make a deck, but in the case of the lens it’s a change in mindset and perspective about giving talks in general. In the case of the list it’s a tangible alteration to an algorithm.

I think it’s fascinating to think of learning in this way.

Practically what it means to me is that passive learning might help you as it accumulates from many years of reading many good books. But you often can’t do attribution on how your mindset has changed, or from what source. You’re left with something of a faith-based feeling of, “I guess I see this differently now based on a bunch of the reading I’ve done.”

Alternatively, algorithmic-based learning lets you look specifically at how your approach to solving a problem has changed over time. And if you do it right—which I’m doing with Github—you can actually annotate why you added or removed a step in your methodology. E.g.,

—

OldEat oatmeal for breakfast. (How Not To Diet, Read in 2019) Brisk walk before lunch. (Some Book, Read in 2017) NewSkip Breakfast. (Lifespan, Read in 2021) Wake at 6:00am and do a walk outside in the sun. (Hubberman Podcast, Listened in 2021)

—

The takeaway here is that you don’t have to stress as you read or otherwise consume content.

There are two different ways to learn. Maybe you have the time and focus to capture specific steps in an algorithm, and that’s great if you do. But even if you don’t, you can still learn via small bits of accrued knowledge accumulating over time.

Whether you’re upgrading your list or your lens, you’re still getting an upgrade.

This Content Is For Paying Members

Subscribe

Already a paying member? Login

I talk a fair amount about what I don’t believe, which causes people to ask what I do believe.

Here’s an attempt at a short version.

I don’t think we know everything about reality; far from it.

I think our universe is likely to be material and mechanistic, meaning things exist and interact based on physical rulesI doubt our universe allows for the supernatural as most people on this planet imagine it, e.g., religionsAt the grand scale of the universe I am an agnostic, meaning I have no idea about the underlying nature of reality, what came before the big bang, or whether or not we’re living in a simulationBut at the human scale, on Earth, in the year 2000 or so, I am an atheist. I make this distinction because I am denying specific claims made by others. They’re saying these gods exist, and that they have these rules, and I say Bollocks. That’s atheism, and I’m as sure of that as I am of most anything elseBut at the cosmic scale I have no such certainty. I am an open-minded curious person who is completely open to evidence. If you told me a bunch of Mormons were running our simulation and that they were actually Gods, and you could show me their planet, I’d believe you. In short, I have no idea about the underlying nature of reality. All I mean by atheism is that I don’t believe anyone else does either. Here’s my one-word summary of my type of atheism: “Nope.”“Hey, this one god did this and wrote this book and says you can’t eat pork!” “Nope.” That’s the root of athiesm. It exists in the context of a claim. It does not stand alone. Nobody is an atheist of the god Babbbrookamagooga, who worships Tupperware. Why? Because nobody has claimed that god is real and tried to teach it in schools. Get rid of all of that nonsense and you get rid of the atheists at the same time.There are around 100 billion stars in our galaxy, and around 2 trillion galaxies, so, yes, I do believe in life on other planetsFurthermore, I believe in lots and lots of intelligent life on other planets. How much? Who knows.I think humans are, in that sense, extremely non-special, or at least we would be if we could see the totality of other life that existsBut there’s a duality here that will keep coming up: just because something is unspecial in its uniqueness doesn’t make it unspecial in its value. Value can be added to something by someone valuing it, or—to say that another way—by appreciating itThere doesn’t seem any way for us to have free will as most people think of it. Either things are mechanistic and determined, which gives us no freedom, or they’re random, which also gives us no freedom. This doesn’t matter at all to me. We end up behaving as if we have it anyway. The reason the distinction matters is so that we can design our reward and punishment systems accordingly, but in a practical sense we will continue to behave largely as if we had free will

I don’t think we know everything about reality; far from it.

I think humans are the way we are because evolution made us that way. We’re meat puppets with evolution’s fingers up our butts. Evolution wants us to survive and have sex, so we try to do those things. Go in to any bookstore and look at the magazine rack. Those covers you see with attractive people talking about money and material belongings—yeah—all that is evolution talking.Put another way, every single thing you’ve ever wanted is because evolution gave you those desires. You can’t decide not to like tall men if you like them. You can’t decide not to like blonde women. If you’re a deeply loving person, or like kittens, or enjoy ice cream, those are all things that came in the box.We are—as conscious beings—some very strange consequence of evolution making lots of creatures that compete with each other. We have all these opinions about why we believe this or that, or feel this or that way, or why we have this type of strong moral character. It’s all silly. Not really. But it is. We are precisely what our genes and our environment made us to be. And evolution made us competitors. Competing to survive, and competing to have sex with the most and/or best mates possible. This explains every single thing you see in this world. From sailboats to hand grenades. From ice cream to doggie spasWe are mindlessly (or mindfully if you pay attention) acting out programming that rises within us from nothingness. You want this ice cream instead of that one? Why? Hard to say, but it’s not because you decided to want one vs. the other. You don’t decide what you want. Evolution did that for you.We are a species of competitors trying to navigate a modern world using the rules set out by evolution’s punch card programming. This is why people are often so perplexed at their own behavior. They are not the authors. None of us is.So, if there’s no supernatural, no religion, and no gods, and evolution programmed us to be sock puppets. What do I believe? And why do I get up in the morning?Easy answer: life is fucking amazing. We as these silly sock-puppet humans have so much capacity for curiosity, wonder, beauty, and happiness. Do we have free will? No. Is our basic programming set by evolution to be a silly meat popsicle that competes for stuff and mates? Sure. But so what?This is all true, but it doesn’t make ice cream taste any worse. It doesn’t make watching Netflix with the love of your life any less magical.And that’s the word I’m using—magical.We’re flying around a ball of burning gas, one of 100 billion in just this one galaxy. And we’re in a spiral arm next to many other galaxies just like ours. Soon Andromeda will crash into our galaxy and we mostly won’t notice because most galaxies are empty space. Plus we’ll probably all be dead.The point is that this whole thing is so arbitrary and silly. Random physical constants create certain shaped life forms, and they end up becoming conscious for whatever reason. And now we can experience all this pain and pleasure and anguish and euphoria.Sure, you could just take that information and become a nihilist, or a hedonist. All about you, all the time. More pleasure, more fun…why not? Nothing matters anyway, right?Sure, at some level nothing matters.And at some level, platinum and Rolex watches are just atoms. At some level, a smile from your lover is just an atomic configuration of cells full of bacteria and viruses.Is that “reality”? Sure. And there’s no such thing as an airplane wing because it’s just a bunch of metal atoms.No. A lover’s smile is more magical than a trillion suns orbiting a trillion black holes. Yes, there’s a black hole at the center of our galaxy.Objective reality isn’t what matters when you’re measuring…what matters. Humans are the judge of that because we’re the ones experiencing it. Objective reality is a tool we should stay tied to so that we can maintain a baseline of truth witch which to run our societies, but it’s no way to have a great time at a party.At a party, or with a lover, or with a friend, what matters is how they react to the food you made, or the joke you told, or the life-altering news you gave them. Meaning is the happiness and suffering of humans (Harris). Everything else, including “objective reality” is details.So, what to do with one’s life.Live. That’s what. Live. And help others do the same.What does that mean?It means fully embracing this silly and wonderful existence, which had little chance of happening in the first place. I mean, what are the odds? We are looking at all these stars and galaxies in our sky, and it’s a tornado of silent death and atomic violence.Yet here we are typing on keyboards and reading what some other advanced monkey said about the same. It’s all really weird.So rejoice! You currently only get one life, so lean into that shit.I have a few tenets that I really respect. First, from Bertrand Russel: “Inspired by love and guided by knowledge.” That’s a way to live a life! Second: “Increase happiness and reduce suffering.”, by Sam Harris.Third: “Provide value, give thanks.” by Scott Adams.Those are pretty solid, and I generally see Stoicism as the best path to resilience that facilitates happiness and meaning. But not the subdued and boring Stoicism that you probably think of today. Stoicism isn’t about not feeling things; it’s about not feeling unnecessary things. Orgasms, smiles, and laughter are necessary things.My approach to live is simple: figure out what you want based on knowledge of all of our building blocks—which is mostly evolutionary biology—and then build a model for pursuing those things.For me that’s exploration of this wondrous world we live in. It’s finding all the amazing things we can do in it, and trying them out. It’s living fully. It’s explaining that world to others. For work it’s helping make that world safer. And most of all, it’s about helping others do the same!Every part of that can fill a thousand lifetimes. Just exploring. Just enjoying. Just explaining. And just helping others do any or all of them.I’m honored to get to spend my days dabbling in each of them, and organizing them into a life arc and methodology that helps me pursue them.Some say that a materialist or atheistic view of the world is a hollow one. Don’t believe them. I see the world as it is—or at least as it seems to us—without any unnecessary fantasy added to make it more palatable. It’s platable as it is, even with all its quirks and flaws.I’m ok being not far from a monkey. I like monkeys. They’re fucking glorious, and so are plants and rocks and milkshakes. And so are you.Embrace the world. It’s unspeakably wonderful. Embrace it and spend some of your time helping others get to a place where they can take joy from it as well.

That’s how I view reality and meaning.

[image error]

[ Sponsorship — If you’re a company interested in appearing in the UL Discovery Section as a Sponsored Discovery, you can now reserve a spot for Summer/Fall 2021! Reserve ]

SECURITY NEWSThe FBI paid a developer to create a backdoored chat app that it promoted among many criminal elements worldwide. They then sat and listened to communications that the criminals thought were encrypted and used that knowledge to arrest hundreds, seize 32 tons of drugs, 250 firearms, 55 luxury cars, and $148 million dollars. You have to wonder when these types of criminals are going to start insisting on more secure apps like Signal. More

EA got hacked and significant data were stolen, including the source code for various games. A representative from the group that hacked them said they got in via Slack. More

CISA has announced its vulnerability disclosure policy platform in collaboration with BugCrowd. The system will simplify the running of bug bounty programs against their attack surfaces, and will centralize payment of the researchers. In addition, discovered vulnerability information will be shared between agencies. More

The massive supply chain attack against the airline industry is now being attributed to Chinese APT41. The attack targeted SITA, a company that served around 90% of the world’s airlines. More

The US has revoked the previous order to ban TikTok, and has initiated a new review of applications that are tied to foreign adversaries. More

DARPA has a project that shoots streamers at drones instead of using explosives. The streamers get wrapped in the drones’ propellers and other surfaces, causing them to crash. The idea is to use this method in populated regions to avoid human casualties. More

Vulnerabilities: Microsoft patches 6 Zero-day vulnerabilities among 49 fixes on Patch Tuesday. More Google patched a critical Android RCE among 90+ issues. More Intel has patched 73 vulnerabilities in its June update. MoreIncidents: McDonald’s has disclosed a data breach affecting both customers and employees. More Volkswagen disclosed a data breach affecting 3.8 million Audi drivers. They say the breach was the result of one of its vendors hosting something insecurely online. More Cyberpunk 2077’s developer says it was hacked and that there is now data circulating online, but they’re not sure exactly what. MoreCompanies: Immersive Labs is a company that teaches cybersecurity skills to corporate employees using threat intelligence and gamification. They just raised $75 million. More Trulioo (say it out loud) has raised $394 million to verify peoples’ identities. More
TECHNOLOGY NEWSGoogle says it’s using AI to create chip designs in 6 hours that would take their experts months. More

Twitter is about to add a subscribe button to peoples’ profiles that have Revue accounts. This moves their competition with Substack to the next phase. More

Companies: SurveyMonkey has rebranded to Momentive and is focusing more on the enterprise. More Flyhomes has raised $150 million to streamline homebuying. More Eightfold is an AI startup that finds, recruits, and retains workers for companies. More
HUMAN NEWSProPublica has come upon a trove of information evidently showing how billionaires manage to pay little or no income tax. More

Far more young men are out of the labor force and living at home. More

US inflation is at a 13-year high as we recover from the pandemic, and prices just surged 5% in May compared to last year. More

Pension funds are buying up single-family houses in competition with families. More


CONTENT, IDEAS & ANALYSISDeclining Religion in the West Creates a Vacuum for Extremism — I spent much of my 20’s and 30’s as an outspoken atheist, and while I still don’t subscribe to a religion, I increasingly see the benefits of a shared culture that comes with a shared faith. I’m becoming worried that the west is in serious danger of being stamped out. Not from people, but from ideas. I worry that the west’s most powerful asset of discarding old and bad ideas is now souring into having none at all. This creates a vacuum, especially among young males, and leaves them open to strong ideas from elsewhere, e.g., Mormonism, Communism, Islam, White Supremacy, etc. In short, I worry that the west has discarded so much of its shared culture (nationalism, Christianity) that it’s now eager to listen to anyone with a strong opinion. People, especially young people, are drawn to certainty. A unified vision of how the world works and what’s going to happen. Religions and cults provide that in a way that agnosticism, skepticism, and humanism do not. So by discarding our own versions of bad ideas, we’ve opened ourselves to other peoples’ versions—all because the concepts of intellectualism and curiosity aren’t yet enough to quench most humans. We need more. And unfortunately, there are many bad ideas—much like the ones we’ve spent the last decades shedding—that are more than willing to fill the void. I see this as more than a point of interest. I think young men lacking a shared culture with those around them constitute a national security threat. They are empty vessels waiting to be filled with extremist ideologies around race, religion, and immigration. If we in the west want to continue our western experiment, we’re going to need something both substantive and positive to offer as an alternative to Communism, extremist Islam, or white nationalism. Something like the thing we removed. Something like a religion.

Reinforcement Learning as a Path to AGI? — DeepMind researchers say Reinforcement Learning is the core technology that’s required for current (narrow) AI to become “real” (general) AI. As a non-expert in the field, this sounds right to me. I even wrote my prediction for the nature of consciousness, and how to build a conscious machine, here in 2017. In short, I think humans benefited greatly from the concept of reward and blame, which is dramatically helped by believing one is responsible for his actions. So I think there’s a chance that if you game systems against each other for doing more complex tasks, like defending a village at night, you might accidentally end up with agents that have a sense of experience and responsibility. Not any time soon, but eventually. It’s like Daniel Dennett said about consciousness. “Consciousness is a bag of tricks.” Agreed, and I think RL can produce a lot of the weird designs that can end up at AGI and/or consciousness. More Paper


NOTESI am getting ready to go into major health-improvement-mode. As part of that I’m reading David Sinclair’s book, Why We Age and Why We Don’t Have To. Fascinating stuff. I especially love that when he’s putting his own ideas forward he’s reminding the reader of which studies are well-replicated and which aren’t. And the stuff he’s talking about closely maps to other stuff I’ve read and liked, such as How Not to Diet. More


DISCOVERY   Who is Going Back to Work? — A16z did a survey of companies to see who was going back to the office vs. staying remote or going hybrid. 10% are moving headquarters. 25% going “remote first”. 2/3 going hybrid. More

Oylaw — Manage your OKRs in Slack. More

InfoSec Core Competencies More

Quotes Do Funny Things in Remote SSH Commands More

How to Turn off Amazon Sidewalk More

Ubisoft released a stunning trailer for its Avatar game coming in 2022. More

The Psychological Benefits of Commuting to Work More

DEFCON 29 Speaker List More

America Without God More

The Work-from-Home Future is Destroying Boss’s Brains More


RECOMMENDATIONSWhy We Age and Why We Don’t Have To — A book that provides a unified theory of aging. I don’t know if the theory is correct, but everything about how this author lives and conducts his research resonates with me. The book will be useful even if the theory ends up being incorrect. Highly recommended. More


APHORISMS“Humor is the only test of gravity, and gravity of humor; for a subject which will not bear raillery is suspicious, and a jest which will not bear serious examination is false wit.”

~ Aristotle