Daniel Miessler's Blog, page 50

May 10, 2021

May 7, 2021

Sustainable Content Creation


My buddy Jason tweeted this recently and it got me thinking.


I've seen two completely opposite sides of the spectrum this week. Someone big in a community quitting content creation due to it being so difficult to sustain and toxic. Another, quitting their 9-5 to go full-time on content creation for personal freedom. Crazy.

— Jason Haddix (@Jhaddix) May 7, 2021

Like him (we just talked about it as well), I have also seen lots of people fly towards the sun of content creation only to be thrown back to Earth.

Ok, that was a little dramatic. But basically, the cycle goes:

1. Regular jobs suck
2. I’m going to be a content creator
3. OMG this is awesome
4. Damn this is hard
5. Why isn’t my stuff getting the love this other creator is getting?
6. OMG that’s toxic as shit
7. No, I won’t give you that for free
8. I should make a class and charge for this
9. No, I’m not a sellout shill
10. I’m going to get a regular job

I’ve literally seen this cycle dozens of times.

But rather than just rant about how you shouldn’t do content creation, I’m going to tell you what I believe to be a formula for doing it in a healthy and sustainable way.


3 Brown One Blue Makes Math Videos

- Make sure you enjoy making your content separate from peoples’ reaction to it. You really have to know yourself on this one. Don’t lie to yourself. Ask yourself if you’d be making the content even if it could only be seen by 100 people.
- Try to make content that’s evergreen, or as close as possible to it. A great example is 3 Brown One Blue, whose name is Grant Sanderson, who makes videos explaining math and science.
- Make sure you can happily take breaks for days, weeks, or even months at a time. If you can’t take a break you don’t have a hobby, you have a prison job.
- It’s ok to enjoy nice comments, but don’t get to where you need them. You want to be in a place where you don’t need praise but are happy to get it when it comes. Almost like you’re making the content for yourself, and you’re separately happy if someone else happens to enjoy them.
- Don’t compare yourself to other creators’ popularity or statistics. If you find yourself doing this, the dark path you have taken. Suffering in your future there will be.

Or, as a single sentence:

Make evergreen content—mostly for yourself—and don’t worry about taking short or long breaks.

If you can successfully maintain that frame of mind, content creation can be extremely rewarding. But once you see yourself breaking any of these rules, you’ll start crossing into an unhappy relationship with something you love. That’s when it’s time to re-evaluate and try to get back to the sentence above.

What this means for most people is making sure it’s not your only way of making money. That means having a regular job that allows you to safely take breaks.

Bottom line: if you ever feel compelled to make content, and you have this stressed and unpleasant feeling about it, you’ve strayed from the path.

Find your way back.

Published on May 07, 2021 13:27

May 3, 2021

News & Analysis | No. 279

SECURITY NEWS

FBI and CISA have released new tactics being used by Russia’s SVR. The SVR is also known as APT29 and CozyBear, and is believed responsible for SolarWinds and other attacks. They’re believed to primarily target government networks, think tank and policy analysis organizations, and information technology companies. TTPs have moved from installing malware on networks to attacking cloud email services, such as Microsoft Office 365, password spraying, and targeting VPN services. More

CISA has released an advisory regarding real-time OS (RTOS) ICS systems. More

Industry experts have submitted an 81-page report to the Biden administration aimed at coordinating efforts to counter ransomware. They are looking to unify into a task force that helps disrupt the problem using a combination of techniques, including disrupting payments, prosecuting attackers, and disrupting services that support the ecosystem, including forums where services are sold. More

Python library ipaddress is vulnerable to a critical IP address validation vulnerability first found in the netmask library earlier this year. It basically causes leading 0’s to be stripped off of addresses, leading to the ability to bypass filters. More
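The leading-zero ambiguity in the item above, as an added example that is not part of the original newsletter or of the ipaddress library's code: one reader strips the zeros and reads decimal, another reads the same octet as octal, and a strict parser refuses the input. All function names and sample addresses are constructed for illustration, and only the four-part dotted form is modelled.

```python
import ipaddress

# Range that the sample filter in this example is supposed to block (assumption).
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def _split(text):
    """Split a dotted quad into four ASCII-digit strings or raise ValueError."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted quad: {text!r}")
    return parts


def _build(octets, text):
    """Turn four integers into an IPv4Address, rejecting values above 255."""
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range: {text!r}")
    return ipaddress.IPv4Address(bytes(octets))


def parse_zero_stripping(text):
    """Model of the behaviour the item describes: leading zeros are dropped
    and every octet is read as decimal ("010" becomes 10)."""
    return _build([int(p, 10) for p in _split(text)], text)


def parse_octal_aware(text):
    """Model of a reader that treats a leading zero as an octal prefix
    ("010" becomes 8). Raises ValueError for digits 8 or 9 in such an octet."""
    octets = []
    for p in _split(text):
        base = 8 if len(p) > 1 and p[0] == "0" else 10
        octets.append(int(p, base))
    return _build(octets, text)


def parse_strict(text):
    """Hardened form: refuse any octet with a leading zero, so there is only
    one possible reading of whatever is accepted."""
    parts = _split(text)
    if any(len(p) > 1 and p[0] == "0" for p in parts):
        raise ValueError(f"ambiguous leading zero: {text!r}")
    return _build([int(p, 10) for p in parts], text)


def audit(text):
    """Compare what a zero-stripping filter sees with what an octal-aware
    consumer would use, and report whether the strict parser accepts it."""
    seen = parse_zero_stripping(text)
    try:
        used = parse_octal_aware(text)
    except ValueError:
        used = None
    try:
        parse_strict(text)
        strict_ok = True
    except ValueError:
        strict_ok = False
    return {
        "filter_sees": str(seen),
        "octal_reader_sees": str(used) if used is not None else None,
        "filter_blocks": seen in LOOPBACK,
        "should_block": used is not None and used in LOOPBACK,
        "strict_accepts": strict_ok,
    }


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("127.0.0.1", "0177.0.0.1", "010.8.8.8", "192.168.09.1"):
        print(sample, audit(sample))
```

Where `filter_blocks` and `should_block` differ, the validator and the component that later uses the address disagree about which host it names; rejecting such input with the strict parser removes the disagreement.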

Krebs says Experian had a leaky API that exposed most Americans’ credit scores. More

Censys found more than 1.93 million databases exposed to the internet on cloud servers. Most it found were MySQL, followed by Postgres and Redis. More

Kaspersky says it found new malware it believes was created by the CIA. More

The NYPD has canceled the use of its robotic dog due to public backlash. More

US Navy SEALs are shifting from counterterrorism to global skills such as electronic warfare and unmanned systems for the purposes of collecting intelligence. More

Vulnerabilities:
- Microsoft released updates to at least 110 security issues in its monthly patch Tuesday release, including 4 updates to Exchange. More
- Microsoft has identified two dozen RCE vulnerabilities in IoT and OT devices that are being called BadAlloc. More
- Cisco firewalls have several remotely accessible vulnerabilities that have patches available. More
- There are patches out for Samba. More
- QNAP warns of AgeLocker ransomware attack. More

Incidents:
- ParkMobile had a breach that exposed license plate and mobile number information of 21 million users. More

Companies:
- Vectra AI has raised $130 million to do AI-powered SOAR. More

TECHNOLOGY NEWS

Google is going to be experimenting with new office designs as employees return from COVID. They’re targeting September for the first returns, and are going to be strongly encouraging—but not requiring—that returning people are vaccinated. In the meantime, they’ve saved $1 billion by not having employees onsite, but that doesn’t factor in any productivity difference. More

Amazon is spending $1 billion to raise operations workers’ pay by up to $3 an hour. More

Tesla is upgrading its Powerwall 2 systems to Powerwall+, which have the same capacity but higher surge output. More

The Linux kernel now has over 1 million commits. More

Companies:
- Amazon’s net sales increased 44% in the first quarter of 2021. More
- Microsoft’s revenue increased 19% in the first quarter. More
- Google’s revenue grew 34% in the first quarter. More

HUMAN NEWS

Pfizer is currently testing a COVID cure with 60 individuals. If successful, this would be used in patients who already had COVID as opposed to the vaccine which is used to prevent getting it. More

The measures taken to control the spread of COVID have nearly eliminated influenza worldwide. US deaths from flu in the 2020-2021 season were around 600, and in the years before it was 22,000 and 34,000. More

California is looking to stop Nestlé from taking millions of gallons of its water. More

Global electric vehicle sales grew 41% in 2020. More

Soaring lumber prices are adding $36,000 to the cost of a new home. More

Biden has proposed ARPA-H, a DARPA for cancer. Love it, but CARPA or HARPA makes more sense I think. More

Over 3,000 cargo containers fell off ships last year, and we’re already past 1,000 in 2021 due to pressure to speed up deliveries causing more accidents. More

There is now a Journal of Controversial Ideas (JCI). More

A new study shows that consumption of sugar-sweetened beverages, and high BMI independently, are associated with lower testosterone in men. More


CONTENT, IDEAS & ANALYSIS

Explaining Threats, Threat Actors, Vulnerabilities, and Risk using a Real-world Scenario — My expansion of a tweet by Casey Ellis on how to think about these key infosec terms. More

A Summary of Balaji Srinivasan’s Thoughts on the Future — My parsing of a fascinating 4-hour conversation between Balaji Srinivasan and Tim Ferriss about future trends. More

Magnifying Big City Political Differences — One of the ideas Balaji Srinivasan talked about in the conversation I linked to with Tim Ferriss is the idea of cities becoming a lot more different from each other politically, and attracting completely different types of people. E.g., Austin seems to be tech + libertarianism. Portland seems to be hippy + anti-authority. Assuming people are mobile enough to pick up and move this could be a fascinating effect over time, with different cities becoming natural experiments around innovation and standard of living.


NOTES

I finished Our Mathematical Universe and I now think about greater existence in a completely different way. Highly recommended for anyone who likes Hawking, Sagan, Tyson, or anything related to Cosmology. More

I’m currently re-reading The Red Queen, which is the UL Book of the Month. More Join Us!

As you may have noticed already, we launched our new logo as part of our ongoing site design update. It isn’t just a new visual; it has a lot of meaning built in that I talk about in the launch post. More

The UL Book Club is absolutely thriving, and we’re talking about doing more meetups, including a new mid-month meetup with a rotating topic. We’re also thinking about an in-person meetup at some point next year. Possibly a dinner at Blackhat/DEFCON and maybe a weekend getaway in Big Sur where we bring family (so we can get permission). Our monthly meet-up has become the favorite event of the month for a number of our members, me included. Turns out it’s a lot of fun to talk about interesting topics with a bunch of smart and pleasant people. It’s reminding me of the internet we were all promised but so often doesn’t materialize. You should come join us.


DISCOVERY

Profil3r — An OSINT tool for finding social network profiles. More

Weather Spark — Get a remarkably accurate visual and description of the weather in any city. More

My friend Alejandro Hernández at IOActive (where I used to work) has released new research on how stock prices are affected by vulnerabilities and breaches. He’s presenting his findings at Black Hat Asia. More

THC-RELEASE: The World’s Smallest Backdoor More

How the new US Federal CISO sees Zero Trust More

It turns out we’ve all been using our trash bags incorrectly. They’re actually shipped inside-out so you can put them on like a hat. Then you just push the whole bag down the center. Insanity. Video

The Army has new night-vision goggles, and their visuals look sci-fi/alien amazing, with outlines around objects and a crazy amount of detail. They also let you look through the scope of a rifle using wireless technology. More

A list of Significant Cyber Incidents More

All-cause Mortality Statistics for Each US State More

Welcome to the YOLO Economy More

How to make your voice sound more attractive and competent. Could also be the reason for Vocal Fry. More


RECOMMENDATIONS

If you like thinking about the future across tech, policy, government, etc., you really should listen to this conversation with Balaji Srinivasan on the Tim Ferriss podcast. It’s long, but if you’re into this stuff it’ll absolutely be worth it. More


APHORISMS
“Everyone you meet is fighting a battle you know nothing about. Be kind. Always.”

~ Robin Williams
Published on May 03, 2021 01:17

May 1, 2021

A Summary of Balaji Srinivasan’s Thoughts on the Future


I heard Balaji Srinivasan on Tim Ferriss’s podcast the other day talking about the future and I thought his insights were so interesting they were worth capturing.

Balaji is an angel investor and entrepreneur, and was formerly the CTO of Coinbase and a general partner at Andreessen Horowitz. I’m absolutely following Balaji’s work going forward.

Here are some of the main ideas I extracted from that nearly 4-hour conversation.

Balaji’s website.

- People will want to consolidate near other people like them
- We see this already where people ignore their neighbors but have close relationships with people thousands of miles away who share their ideologies
- Some mayors will become more like CEOs of a city; the late leader of Singapore, Lee Kuan Yew, is a great example
- Napster and Kazaa got sued, but Bittorrent and Pirate Bay are still doing fine
- Ideologies:
  - Conservative: Stay at home, not as ambitious
  - Progressive: Ambitious, but believes the game is zero-sum
  - Libertarian: Live and Let Live
  - Cryptarian: Win and Help Win: Progressive but not zero-sum
- Get your coins out of Exchanges
- Life in 2000 was basically the same as 1980, but things have changed drastically in the last 20 years
- Central Concepts (Twitter Bio)
  - Immutable money
  - Infinite frontier
  - Eternal life
- 1729.com: make Bitcoin by learning tasks
- Positive vision about transhumanism
- Space is good, life extension is good
- Traditional healthcare is “moving gravy around the plate”
- Reversing aging fixes most health issues
- The East Coast Power Structure
  - Harvard
  - Old media
- That structure is fighting back against decentralization because it’s a threat to them
- He’s bearish on the US and the West because they’re so established that tech is a disruptor, and Crypto represents their true and early pursuit of freedom
- China is the opposite because the tech has lifted them
- Zoltan Istvan for transhumanism
- Dave Sinclair for age control
- Estonia, Israel, Singapore
- Google News put all newspapers in competition with each other, which killed off all but the top few
- Big Theme: Tech increases variance
- Woke capital (US), Communist capital (China), Cryptocapital (Freedom)
- COVID was a major military defeat for the US
- China can build buildings and bridges and such, and it’s hard for us to do those things in months or years
- The only stuff that survived COVID were built like 20 years ago
- Legitimacy vs. Competence
- Old model is pedigree/legitimacy
- Founding vs. Inheriting: so the East Coast is inheriting and they’re struggling. And now it’s the time for the Founders.
- The Fosbury Flop of consent is a problem because you’ll see constantly flipping back and forth between, say, AOC and Trump
- The future of politics could be declaring yourself a leader in an area, and you start delivering actual results, and then using Ethereum you can vote and instantly get far more than a Fosbury Flop

Anyway, some really interesting stuff.

I’m especially intrigued by the stuff around different ways of organizing society. Woke Capital. Communist Capital. And Free Capital. And the idea that people will increasingly move to cities and regions that are set up with the flavor they enjoy.

Perhaps the migration from California to Austin is an instance of that. Kind of like previous examples of Californians moving to Oregon to be more Oregon-like.

If you’re into this stuff, you should follow Balaji, which is pronounced BALL-igy, by the way.

Published on May 01, 2021 21:58

April 28, 2021

The New Unsupervised Learning Logo (2021)


We’ve not changed the logo for Unsupervised Learning since the first one back in 2015, so we thought it was time.

But going 6 years wasn’t the only reason. Here’s what I wanted in the new design:

- More meaning related to the brand
- More square vs. round
- The graphical component to be able to stand alone without the text

The design

Here’s a breakdown of the graphic’s meaning.

- The visual overall of dots connected by lines is meant to signify circuitry and connections (like a neural net)
- The first part of the logo is an upside-down “U”, indicating unorthodoxy
- The second part of the logo is an “L” for learning
- The orphaned dot represents a connection that hasn’t yet been made—perpetually reminding us that there is always more to learn

The text is Advocate, by Matthew Butterick, which is used elsewhere on the site.

So I think we hit all aspects of what we were looking for, and I’m pretty happy with it.

Miscellanea

I just recreated my phone’s lock screen wallpaper to use the new logo, and here it is for anyone interested.


My updated UL phone lock screen

Let me know your thoughts on it.

Notes

My partner came up with a significant improvement to the visual part of the logo by recommending the upside-down “U” character, as well as the standalone dot. She also named the brand back when it started! 1,000,000 thanks to her!
Published on April 28, 2021 23:50

April 26, 2021

News & Analysis | No. 278

Published on April 26, 2021 03:22

April 20, 2021

Explaining Threats, Threat Actors, Vulnerabilities, and Risk Using a Real-World Scenario


Casey Ellis (of Bugcrowd fame) had a great post on Twitter today about security terminology.

Casey also added that Acceptable Risk would be being willing to get punched in the face.


threat actor = someone who wants to punch you in the face
threat = the punch being thrown
vulnerability = your inability to defend against the punch
risk = the likelihood of getting punched in the face

— cje (@caseyjohnellis) April 19, 2021

These types of comparisons are golden because they turn theory into something tangible for people who aren’t security nerds like us.

I have a full post on this as well.

I did have a quibble about the definition of risk, though, as did some others on Twitter. But I don’t think Casey actually got this wrong, or that he’s confused about this. He probably wrote that tweet in like 14 seconds, not thinking it’d get massively circulated.

But I thought it was such a good Tweet that it was worth capturing how I would tweak it and expand it into a longer form. So here’s a hybrid version of my full writeup I did a long time ago and Casey’s scenario.

The Security Scenario: Getting sucker-punched in the face

- The Threat is that someone wants to punch you in the face
- The Threat Actor is the person who wants to punch you
- The Vulnerability is that you can’t currently move because you are being blindsided
- The Risk is his chance of landing the punch combined with how much damage he’ll do if he hits you

That seems like a decent translation of the theory into the scenario. Now let’s look in more detail at each of the components.

The threat

The threat is pretty straightforward. It’s a negative scenario. A negative situation. It’s something bad you can describe quickly to someone. An earthquake. A hacker trying to steal data from your website. Or someone trying to punch you in the face.

The threat actor

The threat actor is probably the easiest to understand and translate between theory and reality. It’s the entity trying to do the bad thing. For most things it’s a specific human or organization, but in the case of things like earthquakes or hurricanes, it can be nature.

Everyday Threat Modeling

The vulnerability

Vulnerabilities are the most common place to look for remediation opportunities.

The vulnerability is pretty interesting in this scenario. The vulnerability is the thing that allows the attack to happen, or makes it worse if it does. In this case I’ve defined the vulnerability as being the fact that you can’t see the punch coming.

Casey’s version said that you can’t defend against the punch, but for this exercise we might want to give a more specific reason for that. Maybe you’re drunk and can’t dodge. Maybe your vision is bad because you forgot your glasses. I just used the idea of you looking the other way as an example.

The risk

One of security’s biggest problems is businesses operating within risk they haven’t even seen, let alone accepted.

The Risk is always the hardest part, and where I think most people get most confused. Again, not Casey, but other people.

The trick is that if you’re not careful you can easily define a Risk in a way that collides with Threat. A Risk isn’t just the scenario, and it’s not just the chance of a scenario happening. It’s also how bad it would be if it did happen. So that’s three things combined: 1) scenario, 2) likelihood, and 3) impact.

Acceptable risk


acceptable risk = your willingness to be punched in the face

— cje (@caseyjohnellis) April 20, 2021

As for Casey’s addition of Acceptable Risk to the mix, I’d expand on that as well. I’d say that Acceptable Risk would be something more like, “being willing to get punched in the face—but only in certain situations”.

So let’s say you’re teaching MMA to a room full of 10-year-olds, and you decide to let them all try to hit you in the face.

One should have defined reasons for taking the risks they’re taking.

You’re a 350lb boxer and you think you can take any number of punches from a group of pre-adolescents, so you’ve defined that operating with those rules—in that room—you’re taking on an acceptable level of risk.

But here’s the question: acceptable in return for what? You have to be—or at least should be—taking risk for a reason. And in this case, yes, you’re taking the risk in exchange for getting to teach them a lesson that will hopefully stay with them for life: size really does matter in fights.

Turning the knobs around remediation

Now we get to the super fun stuff, and why I find security so fascinating. There are a million ways to adjust this equation given all the components in the scenario! To reduce this risk we could:

- Expose ourselves to fewer threats (don’t go watch UFC fights at bars)
- Never have your back to a crowd of people
- Hire a bodyguard whenever you go in public
- Wear a helmet

If you look closely you can see that these affect different parts of the equation.

risk = likelihood x impact

Dodging would reduce likelihood, Blocking would reduce impact.

Not going to bars to watch fights reduces the number of threat actors who might punch you (probability). Not turning your back to a crowd raises the chances that you can dodge or block. Hiring a bodyguard will reduce the probability of being sucker-punched, but it could get weird if you start attracting attention from dangerous people. And wearing a helmet clearly reduces the impact of being punched (assuming the punch hits the helmet).

Thinking like a risk professional

If you’re a risk nerd like me, pondering UFC watching and punches to the face, you’d start asking yourself things like:

- How much do I really care about watching the fight in a crowd of people? Why not at home?
- What am I willing to do to reduce my risk of being punched in the face while doing so?
- Am I willing to wear a helmet on the off chance that someone tries to sucker-punch me?
- How much will the laughs and stares at my helmet detract from my fight-watching experience?
- How much money would I assign to my enjoyment of public fight-watching?
- How much would it cost to buy a helmet and hire the bodyguard? Is it worth it?

…and so on.

Basically, to do this type of thing well you have to really understand what you’re trying to achieve, what risks you’re willing to take to get that thing, and what knobs and levers you can adjust to make the tradeoffs worth it to you.

Summary

Threat Modeling and Risk Management are the disciplines that allow one to do these things well.

- Casey is awesome. You should follow him on Twitter.
- Theory is nice when explaining security concepts, but using a tangible, everyday scenario is often best
- People often confuse Threat and Risk, but Threat is just the scenario without the probability or impact
- It’s super fun—and useful—to be able to break down real-world scenarios into these components
- Real businesses are making these kinds of tradeoffs every moment of every day: the only question is whether or not they’re doing so knowingly or properly.
Published on April 20, 2021 22:22

April 19, 2021

News & Analysis | No. 277

🔥 Frontview Mirror | 2021 Edition — The first edition of my new annual look at current trends, how they may intersect, and how we might adjust accordingly. If you’ve been thinking about signing up anyway, this is a great reason! Sign Up to Get Immediate Access

SECURITY NEWS

CISA, FBI, and NSA have released five enterprise vulnerabilities that are being actively exploited by Russia’s APT29 group. They affect Fortinet’s FortiOS, the Zimbra Collaboration Suite, Pulse Secure VPNs, Citrix ADC gateways, and VMware Workspace ONE. More

The FBI got a court order to access—without authorization from the target—hundreds of organizations who’d been hacked with Exchange-related web shells. Their mission was to go in and clean them up in an attempt to prevent further access and damage. My take on this? I’m basically clapping from a distance with a worried look on my face. Like, I love the initiative, and I think we need more of the good guys to be proactive like this. But I’m a bit worried about the precedent of being ok with government organizations doing such things. The problem with emergency powers is that they seldom go away after the emergency. More
 
The US has sanctioned Russia and expelled 10 diplomats in response to the SolarWinds attack. More

Google is facing major opposition to its proposed replacement for third-party cookies. The new system is called FLoC (Federated Learning of Cohorts), and it works by—stay with me—reading your browser history, and then…hey, where did you go? That’s kind of the problem, nobody is really reading past that part. It evidently has some decent privacy protections built in that try to anonymize the data, but those are hard to accept when you start by gazing at the most intimate part of someone’s online life. Like you can’t open a conversation about home privacy by saying, “We install bedroom cameras, but let me tell you about how well we secure them.” They lost me at the intro. More

NERC is a non-profit regulatory authority used by the US and Canada around electric energy reliability, and they say about 1/4 of the 1,500 electric utilities sharing data with it downloaded the SolarWinds malware. More

Norway has partnered with the US Military to allow it to build in its country. The move comes as both countries become increasingly worried about Russian aggression. More

China is producing top-quality TV shows that are actually propaganda. Imagine The Mandalorian, or Queen’s Gambit, but it makes you love the government. Well, they pulled it off with a show called Mining Town. More

Vulnerabilities:
- NSA found four new Exchange vulnerabilities, and Microsoft has released patches. More
- Juniper has patched an RCE vulnerability that allows attackers to hijack the JunOS operating system. More
- Adobe’s released updates to RoboHelp, Bridge, Digital Editions, and Photoshop. More
- Zerodium is temporarily offering $300,000 for high-impact WordPress vulnerabilities. More

Incidents:
- Codecov (they do code quality analysis) got compromised by an attacker modifying their Bash Uploader functionality. You know, those code snippets that you’re supposed to paste right into your shell? The ones that everyone is told not to do? Or that you need to review the code for first? Well, theirs actually got compromised. Code was added that stole data from anyone who executed it. Kudos to the security team for actually finding the hack, though. I don’t think many would have found it as fast, if at all. More
- Gay dating site, Manhunt, has been hacked, with thousands of accounts stolen. More

TECHNOLOGY NEWS

SpaceX won the $3 billion NASA contract to put humans on the moon. More

Citigroup Inc. says Bitcoin mining is consuming 66 times more energy than it did in late 2015. More

A new “whitest ever” paint has been developed that reflects back 98% of sunlight. It’s being pitched as helpful against climate change. More

Cloudflare has made their Pages product generally available. It basically lets you connect a web project on GitHub to Cloudflare, so when you push to GitHub it updates the site on Cloudflare. So it’s hosting plus development/deployment integration. More

After taking flak about the kinds of creators they were funding, Substack has announced they’re putting $1 million into funding local journalists. More

Over 650 tech workers at the NYT have formed a union that includes software engineers, designers, data analysts, and product managers. They’ll be represented by the NewsGuild of New York, which already represents over 1,300 New York Times employees in other parts of the company. More

The FCC looks like it’s taking the Robocall issue more seriously now. It’s talking to cellular providers about their blocking tools, sending cease-and-desist letters, and is looking at how companies are implementing the TRACED act. More

Logitech has killed off the Harmony unified remote control, and people are wondering what—if anything—is going to replace it. More

Companies:
- Microsoft has purchased Nuance, an AI company, for $16 billion to focus on healthcare technology. More
- Dell is spinning out VMware. More
- Squarespace has filed for a direct listing on the NYSE. More
- Scale AI, a startup that helps companies label and curate data for AI applications, says they just raised $352 million and are now valued at $7.3 billion. More

HUMAN NEWS

Half of US adults have received at least one dose of a COVID vaccine. More

There are millions of job openings in the US while 17 million are still collecting unemployment. There appear to be multiple reasons for this, including people still being worried about COVID, and the fact that many of the open jobs pay the same or less than what people are getting from unemployment. More

The Western US might be entering its worst drought period in modern history. More

Nassim Taleb says Bitcoin failed as a currency and that it’s now pure speculation. More

A new study has found 500 genes that link depression and anxiety. More

The EPA approved a private company releasing GMO-modified mosquitos into Florida. The technology is designed to combat dengue fever, Zika, and other mosquito-borne viruses, but there is pushback from the community. More

Reuters is switching to a pay model for a subset of its deeper analysis content. More

UFO sightings are getting seriously interesting, which is not a sentence I ever anticipated writing. I don’t really follow the scene much, but it seems casually to me that the quality of the people/sources reporting legitimate UFOs (unexplained things, not actual aliens) is rising. This new footage taken by the US Navy is quite strange indeed. It’s a bunch of triangle-looking objects acting very strangely. I personally think these are likely to be quite terrestrial, i.e., probably other US craft, or drones out of China/Russia. But I really do hope they’re part of an alien Doomsday Defense Force, just hanging out to keep us from destroying ourselves. That’d be nice. More


CONTENT, IDEAS & ANALYSIS

A Dogecoin Primer — Dogecoin is blowing up right now. It was at six cents like two weeks ago, and now it’s up between 25 and 50 cents. Here’s some basic information on it just in case it comes up in conversation or you are thinking about spinning the wheel. More

Thinking About Different Types of Digital Value Exchange — Some thoughts on all this talk around cryptocurrencies, NFTs, micropayments, and how I think about them. More


NOTES

I’m currently reading Tegmark’s Our Mathematical Universe. It’s knowledge about the known universe that’s many levels of depth further than I’ve heard any other place. More

I’m also reading our UL Book Club book of the month, which is The Island of Dr. Moreau. More

Next, I’m going to be deep-diving into a number of Matt Ridley titles, including re-reading The Red Queen, which is about evolution. More


DISCOVERY

Malwarebytes — My go-to anti-malware tool on Windows and Mac. It’s what I recommend to everyone, and have been for nearly a decade. And as a show supporter, they’re offering us 25% off. [SUP] Get Your Discount Read Their New SMB Cybersecurity Trust & Confidence Report

What I Wish I Knew About U2F and Other Hardware MFA Protocols More

How to Read a Watch Bezel More

A reporter at The Register says a British MP told him that Google GMail was more secure than Microsoft 365. That feels intuitively true to me, and I’m guessing most infosec people would agree. More

TIL Israel has sex surrogate therapy. Fascinating. I wonder how this affects their incidence of incels, and if something similar could work in the US? It can’t because we’re different. But what would you think about such a thing? At first thought, I think I’m pro. More

Why Most Nonfiction Fails to Make Money More

China is Betting That the US is in Irreversible Decline More

Use console.log() Like a Pro More

A Kubernetes pentesting methodology. More


RECOMMENDATIONS
If you hit the “/” key on your keyboard while on Google, you’ll jump back to the search field. This is a Vim command, and it’s very cool. One problem though: I never use the Google web page: I search from the URL bar. But if you use Google’s site, this will be magical for you. More

High-quality audio evidently makes you sound smarter. So if you’ve been putting off a mic/production upgrade, maybe go ahead. More


APHORISMS
“Complete possession is proved only by giving. All you are unable to give possesses you.”

~ Andre Gide
Published on April 19, 2021 05:54

April 18, 2021

Thinking About Different Types of Digital Value Exchange

I’m using this post as a place to take some notes while thinking about this whole NFT/blockchain thing.

The way I see it there are multiple things happening at the same time, but with a common theme: low-friction, granular value exchange—done digitally.

To me this is a human development, not a technological one. It’ll be done digitally, and therefore with some sort of tech of course, but that tech doesn’t have to be blockchain, and it doesn’t have to be on any tech that even exists right now.

But here are the things that I think humans want, and therefore that I think are inevitable on some timeline and in some form.

Peer-to-peer Value Exchange — a.k.a., micropayments. Examples: tipping for physical services, tipping for good content online, rewarding kindness, etc.

Creator Economies — Influencers, artists, creators (whatever you want to call them) create their own coin on the blockchain and they offer different levels of access for X amount of that coin. Loyal fans earn currency just by being awesome fans, but you can also buy and sell the currency for real money. And there could even be sub-coins that can only be earned by loyal fans and aren’t for sale. And of course, different levels of access and perks are only available to people with certain amounts of certain types of coin. This is just like Patreon (tiers of service) or Twitch bits, except in an actual digital currency customized for a creator.

Granular Investment — Investing is prohibitively difficult not just because of the knowledge required but also the capital. Most people don’t have large quantities of money lying around. In addition, there are only certain things that you can invest in. You can invest in stocks and bonds, for example, but you can’t invest in someone’s career. Or your favorite sports team. Or your favorite influencer. Soon we’ll be able to do that. You’ll be able to invest small amounts of money in almost anything that has or could have value in the future. That includes real-world things like someone’s future earnings, or ephemeral/digital things like a one-of-a-kind sword for a popular game.

On the last one here—Granular Investment—I’m prepared to make an actual prediction. Like, a real one.

I think we’re about to see a type of company pop up that manages micro-investments for “the other 90%” of the planet. Kind of like a distant cousin of Affirm, where you can buy lots of stuff spread over time, this is where you can invest in lots of stuff—in tiny amounts—that accrue over time.

Here’s an example: Andrew loves Disney. His whole family does. He doesn’t invest in the stock market and doesn’t really plan to. But he’s smart and he knows that Disney+ is big. He signs up for one of these fictional new companies called Fraction, and he logs in.

He sees that he has the option to connect his paycheck to Fraction, or to push a certain amount of money to Fraction every month. And he also sees a giant wall of logos. Media companies, favorite TV shows, celebrities, sports stars, influencers, YouTubers, etc. In fact, he can type virtually anything into the search box and it’ll come up. From investing in gold to investing in his friend’s blog.

So he goes through and selects a bunch of stuff he likes:

Disney+ (Company offering)
Marvel (Brand)
Star Wars Mandalorian (Show)
Star Wars Obi-Wan Kenobi (Show)
Frozen Princesses (a meta group)
Smitten Ice Cream
Unsupervised Learning (my newsletter/podcast)

Once those are all checked, he then uses a pie chart and some sliders to decide how much of his monthly budget goes to them. So whether he has $5 a month to spend, or $3000 a month, he starts squirting investments in them.

Then he does the same for donations! So this is the granular level of support he gives his influencers per month, just because he likes them.

Then, everywhere that creators have a presence, e.g., YouTube, Twitch, their websites, their podcasts, etc.—there’ll be a Fraction button (or some generic form of that button), which allows people to click on it and give kudos. Meaning money.

How much money?

That depends on how much they’ve designated as being available for that budget within their Fraction account! So if you have $100 in your Fraction budget every month and you give 100 kudos, everyone gets a dollar. And if you only give 2 kudos, they both get $50.

A company called Flattr tried this years ago, but they were just too early.

You might also be able to give money to other people, but only in their PIF (Pay It Forward) account, which means they don’t get it directly but it goes into their budget for giving to creators.

You can also give money in the form of investing for someone through Fraction. So if Andrew does something cool for me, I could give him $500 in investment in Marvel, which instantly gets added to his own Fraction account.

Anyway, the point is that all of this will likely be made possible by either a blockchain or some other technology that works like a blockchain. And with digital currency like Doge or Bitcoin, or something that works just like it.

I think everything on this page is 100% inevitable because it’s a natural evolution of how humans will interact with each other. What I don’t know is when it will happen or whether any of the tech we have right now will be part of it.

It could all happen this year built on Ethereum and Dogecoin (which I’ve invested in by the way), or those technologies could completely die off and get replaced by something else.

I think it’s important to think this way, i.e., about what parts of a given movement are the human layer and which are the implementation/tech layer. It’s possible to make some really bad predictions—and investments—if you confuse the two.

So that’s pretty much it.

When people are talking about crypto, and NFT, and micropayments, and all this crazy stuff we’re hearing right now—take the time to break them into their components.

I think in general they fall under a banner of “new ways of doing value exchange”, but I like making the delineations and assigning some labels.

It helps me think about them more clearly.

Published on April 18, 2021 18:27

April 15, 2021

A Dogecoin Primer

Crypto (“coins” not “graphy”) are going crazy, and one of the strangest ones is DOGECOIN. Here’s a basic primer captured in bullet points.

It was created in 2013 by Billy Markus and Jackson Palmer. They were at IBM and Adobe at the time.

The coin’s mascot is a dog—specifically a Shiba Inu, which is an ancient Japanese breed used for hunting.

Watch The Exact Moment Dogecoin was named after.

Dogecoin is pronounced, DOHJ-coin—like Dodge the truck, but with a hard “o” and soft “j” sound, like Taj Mahal. This is not up for debate, as this video has Jackson Palmer stating this very clearly.

The pronunciation comes from Homestar Runner, where his buddy spelled “dog” as “d o g e”, and Strong Bad said, “Dohj”? So yes, this currency was seriously named by Strong Bad.

Doge: the original meme image.

The Shiba Inu dog is also part of a meme known as Doge (pronounced “dohj” like above). It’s basically the internal dialog of a Shiba Inu dog speaking in broken-dog-English, all printed on a picture of a dog in Comic Sans text.

Elon Musk has been pushing Dogecoin heavily—seemingly mostly as a joke, but you can never tell with him. At one point he said that it’d be super ironic if a coin that started completely as a joke ended up taking over. Plus he keeps tweeting about it with allusions to the moon.

Dogecoin is a proof-of-work coin based on Luckycoin, which is in turn based off of Litecoin.

Dogecoin is an “inflationary” coin because there is no limit on how many can be mined. This is in contrast to Bitcoin, for example, which already has a maximum built into the system.

Most investors don’t see Dogecoin as a serious play because of its history and the fact that there’s no limit to how many can be made.

One possibility of legitimization, however, hinges around using it as a casual, friendly, and fluid exchange of small amounts of money, e.g., for tipping, or for donations to creators for their content.
Published on April 15, 2021 20:32
