Daniel Miessler's Blog, page 54
February 13, 2021
My Journey to Beginner Audiophile
February 8, 2021
News & Analysis | No. 267
February 6, 2021
Summary: Human Hacking
January 31, 2021
News & Analysis | No. 266
January 30, 2021
30 Books That I Will Re-Read For The Rest of My Life
January 29, 2021
A More Positive Take on America’s Potential Fall
I’ve been quite troubled lately with all the talk of America’s fall.
First, I’m American. Second, I served in the military. Third, well, I’ve just read a lot about social cohesion, social unrest, and the various causes of the disintegration of a government and country. It’s troubling to imagine that happening to us.
So I was happy to hear another angle on America’s fall on Sam Harris’s podcast. The guest was Jack Goldstone, and the comforting idea was actually quite strange.
This is my paraphrasing of what Goldstone said.
- When you have a society that works for honor, and the richest try to make their communities strong, the world does well
- When the elite tries to hoard their money, the country falls
- People try to accumulate more wealth
- They try to prevent public services
- People feel like they’re being left behind, and forgotten, and they turn against the government, the elites
- They end up joining various types of radical and extremist groups
- Trump wasn’t the cause; this was already happening
- He tapped into it and exacerbated it
- The cause is the changes in tech and society
- The post-WWII people grew up when manual labor was key to everything
- They became comfortable, and they were respected
- As they got older, the economy switched to finance and technology
- The digital economy doesn’t need as many people, and doesn’t give as much respect to manual labor
- So they’re not able to
- Reduction in social mobility
- Reduction in quality of life
- The big metro areas have lots of diversity and need to manage that diversity
- So the regular people see everything going to the elites
- And they start looking for a solution
- And then the populist strongman steps in
- Donald Trump steps in as a pro-wrestling reality-tv star, and that’s it
- It’s the people getting left behind who are setting the direction; in this case towards revolution
- We’ve been through this before with Carnegies and such
- But before there were lots of jobs as a result in steel and railroads, etc
- But with finance and tech, only the top benefits
- It’s not that people are rich that’s the problem; it’s that regular people don’t have the basics of education and healthcare and financial safety for their kids
- People mostly compare themselves to the people around them
- If the rich spends their money on society it’s fine
- The problem is when they spend it on just themselves
- So now we see the Yellow Vests, Chile, people in Brazil, etc.
- The people are fighting back

A lot of this is really fascinating to me.
First, it takes a bit of the sting out of America falling if you map it onto a common trend that hits many civilizations. Doesn’t mean I like it, but it feels less personal. Like being struck with a bad disease rather than being the victim of a hate crime.
Second, a lot of what he says echoes what many have been saying about Trump supporters for years. And in fact many Trump supporters have been trying to tell us the same thing as well.
Basically, they feel discarded. They feel condescended to. They feel disrespected. And they’re angry at the elites as a result of this.
It is a profound failure on the left to not understand this, and time to pay attention. People need to have pride. You take that away from them and they become dangerous. Not just dangerous as individuals, but vulnerable to someone who will come in and lead them to recovering that lost pride.
This is what just happened to our country, and what may have come remarkably close to ending it.
The single most important issue we have right now, regarding the stability of our country, is millions of poor, rural white people who no longer have any pride. They feel completely disenfranchised and replaced by everyone. Immigrants, tech people, people living on the coasts. Elites.
And they are lashing out. We see that.
Now we can feel free to look down on them, and blame them, and point at them as the problem. And you might be right in some ways. They had their time, you might say.
Sure, but don’t just think about them. Think about their effect on the world. It’s not healthy to have millions of angry young men in a country who feel like something has been stolen from them. It’s dangerous. It will lead to more of what we saw at the capitol, and I fear—in Oklahoma City.
Trump, or someone like him, will rise up and lead these people. He will speak the healing words of, “You deserve better.”, and those words will enable good people to do horrible things, just as with other religions.
Our risk isn’t the Trump-type. Our issue isn’t the white people. It’s the roles that they’re falling into that cause repeated patterns. The forgotten and angry, combined with the populist strongman. That’s the pattern we must immunize against.
The way to heal this is through empathy and conversation. Stop with the name-calling. You’re playing right into it.
To fix this country we must find a way to:
- Have the hard conversations, with empathy, and
- Lift up those who are hurting without pride, and give them their pride back

If we don’t do it as a country, they’ll find someone who will.
—
If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.
January 27, 2021
Brag About Your Content, Not Your Tools
Something needs to be said about people’s obsession with their tools, e.g., Linux vs. Windows, Vim vs. Nano, Sublime vs. Atom, etc.
Your tools don’t matter to other people. What matters is what you create with them.
Dave has started multiple companies, employed hundreds of people, and created multiple tools.
Dave Kennedy—aka @HackingDave—has done more for the community (and the world) using Windows and Nano than 99.9% of people using Linux, Mac, Vim, Emacs, or an Oscilloscope-Abacus Transcriber.
Hmmm am I the only one that prefers writing emails, blogs, and docs in nano (nano > vi) first then pop it into work for spell checking ?
— Dave Kennedy (@HackingDave) June 20, 2019
I’ll even add screenshots or what not as a separate file and incorporate them later…
I even wrote a Vim Primer.
Listen, I’m a Vim Snob myself. I love Vim. As an atheist, it’s kind of a religion for me. But I don’t make the mistake of linking it with my output.
Before you start with your tool snobbery, maybe ask yourself what someone has produced, and compare that to yours.

GRR Martin uses Wordstar as his word processor
Ever noticed that most people using static-site generators only blog about their blogging platform?
George RR Martin uses Wordstar—an old clunker of a DOS word processor. Stephen King and JK Rowling use Microsoft Word. And the most prolific bloggers tend to use WordPress, not a free-range, organic, static-site generator.
I’m a Tool Snob too, but without the snobbery.
Judging content-creators by their toolchains is like judging chefs by their kitchen knives.
So by all means—tell me again about your .vimrc file with that condescending tone. But don’t think for a second that it makes you a better producer of code or content. The metric is output and the value of that output. Period.
If you produce nothing-garbage, nobody will care what you made it on. And if you produce stuff that people love, feel free to make it on Windows Vista running Notepad++.
Nobody cares.
Pick your tooling based on what gets you excited and motivated to create, give people the freedom to do the same, and judge people based on their output.
Notes
- To be clear, it’s enjoyable to go off into your tooling. To optimize it, to give people good-natured shit about what they used and don’t use. That’s part of geek culture, and it’s good fun. But don’t buy into it as having anything to do with reality. Output is what matters.
- All that being said, people using Nano should be reported to The Hague. 😊
January 25, 2021
A @TomNomNom Recon Tools Primer
There are recon tools, and there are recon tools.
@tomnomnom—also called Tom Hudson—creates the latter.
I have great respect for large, multi-use suites like Burp, Amass, and Spiderfoot, but I love tools with the Unix philosophy of doing one specific thing really well. I think this granular approach is especially useful in recon.
Related Talk:
Mechanizing the Methodology

My talk on granular methodologies at Defcon’s Red Team Village in 2020
Basically:
- Break your methodology into specific questions
- Answer each question discretely
- Create brutal combinations to accomplish your goals

Tom has built a serious following in the recon community by creating tools that enable this approach, and I’ve seen enough people asking him for tutorials that I thought I’d make a quick primer on a few of my favorites: gf, httprobe, unfurl, meg, anew, and waybackurls.
Let’s get after it!
He writes his tools in Go as well, so they’re wicked fast.
A tour of Tom’s tools (nom nom nom 😋)
gf (grep 4, grep for, grehp-four)
It’s unrelated to actual grep, but has the same functionality.
gf basically extends the standard Unix grep concept to include common things a bug hunter might look for. So if you’re hunting for some HTTP oriented PHP stuff, you can do this:
grep -HnrE '(\$_(POST|GET|COOKIE|REQUEST|SERVER|FILES)|php://(input|stdin))' *
Or you can use gf and do it like this:
gf php-sources
You can even have gf autocomplete your various patterns.
And there are tons of pre-made examples, including those for aws-keys, base64, cors, upload fields, and many more.
httprobe (HTTP probe, or HTTP Robe)
Pretty much all these tools are installed via go get -u github.com/tomnomnom/$repo.
httprobe answers the basic question of…
For the following domains, which ones are listening on web ports?
cat domains.txt | httprobe -p http:81 -p https:8443
web.acme.com
web2.acme.com
private.acme.com
Part of the UNIX Philosophy
What I love most about httprobe and most of Tom’s tools is that they are truly Unixy. No need to run a standalone tool and obey its specific rules. Any place you get a domain from you can just pipe directly in.
cat domains.txt | httprobe -p http:81 -p https:8443
web.acme.com
web2.acme.com
private.acme.com
unfurl (un-FURL, or unfuck-YOU-ARE-EL)
Depends on the day I’m having.
unfurl breaks URLs into their discrete pieces so they can be referenced and targeted in a granular manner.
echo 'https://sub.example.com/users?id=123&...' | unfurl domains
sub.example.com
Isn’t that freaking fucking brilliant! Let’s do another, this time from a file.
cat big-url-thingies.txt | unfurl paths
/users
You can pass -u to only get unique results.
And you can do this for domains, paths, keys, values, keypairs, and even custom formats!
cat urls.txt | unfurl keypairs
id=123
name=Sam
org=ExCo
You can then grep these for certain sensitive strings in a separate operation.
meg (MÉHg)
meg combines domains and paths and makes requests at high speed in parallel. So if you have a list of domains that you hope are vulnerable, and a list of paths that would prove interesting (if they exist), you can use meg to request all of those paths on all of those sites.
If you just run meg it’ll request all paths in file ./paths on hosts in file ./hosts, and results are stored in ./out/index.
If you are only interested in certain response codes, you can use the --savestatus switch, like so:
meg --savestatus 200 /robots.txt
Because we passed the robots.txt path on the command line, this command will only look for that path in all hosts instead of looking at ./paths.
I love automated workflows that go off and find me interesting things to poke at manually.
Why is this command cool? Well, for lots of reasons, but the first thing that popped into my mind was using it in conjunction with my Robots Disallowed project, which captures the most common disallowed paths on the internet. I have a curated file in there that includes potentially sensitive paths.

Some top results from curated.txt
So for any given set of URLs that are in your scope you could keep a handy copy of head -100 curated.txt for your ./paths file, and combine that with --savestatus 200 to pre-seed some juicy targets during a test.
anew (uh-NEW)
anew adds the contents of an input stream to the output—but only if it’s not already there. Do you know how epically awesome this is? Much.
I hereby nominate this for being included by default in Linux.
So let’s say you’ve collected a massive list of vulnerable paths on a bunch of a target’s websites, and you think you found some more using a different process. Well, instead of doing multiple steps of cat, sort, and uniq, you can instead just send the new stuff to the existing stuff.
cat new-cool-shit.txt | anew old-cool-shit.txt
Now, old-cool-shit.txt has both the new and old stuff you wanted, with no duplicates!
waybackurls (WAY-back-you-are-ehls, WAYback-U-Are-els, wayback-Earl’s)
waybackurls goes and finds all the URLs that have ever been part of a target domain. Or at least the ones that wayback saw. This is super useful for finding stuff that might no longer be indexed, or that might not even exist anymore but could show you something about how the creator/admin thinks.
cat domains.txt | waybackurls > wayback-urls.txt
Or if you wanted to be cool, you could use anew from above to add those to your existing URLs.
One example of the power of chaining.
cat domains.txt | waybackurls | anew urls.txt
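The chaining idea from the unfurl and anew sections (pull key=value pairs out of URLs, check them for sensitive-looking keys, and merge only the new lines into an existing list), written out in Go as an added example. This is not Tom's code or code from the original post; the function names, the sensitive-key list and the sample URLs are assumptions constructed for illustration, aimed at reviewing archived URLs of a site you own.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Keypairs mimics what the page shows for `unfurl keypairs`: every key=value
// pair from each URL's query string, in input order. Lines that do not parse
// as absolute URLs are skipped. Percent-decoding is a choice made here.
func Keypairs(urls []string) []string {
	var out []string
	for _, raw := range urls {
		u, err := url.Parse(strings.TrimSpace(raw))
		if err != nil || u.Host == "" {
			continue
		}
		// Split the raw query by hand so the original pair order survives
		// (url.Values is a map and would lose it).
		for _, pair := range strings.Split(u.RawQuery, "&") {
			if pair == "" {
				continue
			}
			k, v, _ := strings.Cut(pair, "=")
			k, errK := url.QueryUnescape(k)
			v, errV := url.QueryUnescape(v)
			if errK != nil || errV != nil {
				continue
			}
			out = append(out, k+"="+v)
		}
	}
	return out
}

// Anew mimics `anew` as the page describes it: only lines not already in
// known are appended, with no sorting. It returns the merged list and the
// lines that were actually new.
func Anew(known, incoming []string) (merged, added []string) {
	seen := make(map[string]bool, len(known))
	for _, l := range known {
		seen[l] = true
	}
	merged = append(merged, known...)
	for _, l := range incoming {
		if l == "" || seen[l] {
			continue
		}
		seen[l] = true
		merged = append(merged, l)
		added = append(added, l)
	}
	return merged, added
}

// sensitiveKeys is an assumed, illustrative list; extend it for your own review.
var sensitiveKeys = []string{"token", "password", "secret", "apikey", "session"}

// Sensitive is the separate "grep for sensitive strings" step: it returns the
// pairs whose key contains one of sensitiveKeys (case-insensitive).
func Sensitive(pairs []string) []string {
	var hits []string
	for _, p := range pairs {
		k, _, _ := strings.Cut(p, "=")
		k = strings.ToLower(k)
		for _, s := range sensitiveKeys {
			if strings.Contains(k, s) {
				hits = append(hits, p)
				break
			}
		}
	}
	return hits
}

func main() {
	// Constructed sample input standing in for archived URLs of your own site.
	urls := []string{
		"https://sub.example.com/users?id=123&name=Sam&org=ExCo",
		"https://sub.example.com/reset?token=abc123&id=123",
		"not a url",
	}
	known := []string{"id=123", "name=Sam"} // pairs already on file
	merged, added := Anew(known, Keypairs(urls))
	fmt.Println("merged:", merged)
	fmt.Println("added: ", added)
	fmt.Println("review:", Sensitive(added))
}
```

Because Anew returns only the lines that were new, the sensitive-key check runs on fresh findings rather than re-flagging pairs already reviewed.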
Summary
Discrete, Unixy tools are powerful because they can be combined in extraordinary ways. This is just a quick look at a few of Tom’s tools, which you can find more of here.
- gf lets you easily grep for security-sensitive stuff. Link
- httprobe checks for webservers on domains. Link
- unfurl breaks URLs into their bits and pieces. Link
- meg makes combined domain/path requests. Link
- anew adds input to an output, if it’s new. Link
- waybackurls finds archived URLs for a domain. Link

Hat tip to @tomnomnom for the great work, and I hope he becomes an example for others to create small, useful utilities that can become part of complex workflows.
Notes
- You can mostly ignore the pronunciation bits. I was just being silly.
- Half of these tools should seriously be included in major Linux distros. And I mean, like, pre-installed in /usr/bin/. Who do I need to talk to? Somebody find me a manager.
News & Analysis | No. 265
I spend my time reading 3-6 books a month on security, technology, and society—and thinking about what might be coming next. Every Monday I send out a list of the best content I’ve found in the last week to around 40,000 people. It’ll save you tons of time.
SECURITY NEWS
FireEye has published the technical details around the SolarWinds hack, and have released a free tool to detect indicators. More
There’s an argument that cyberinsurance providers are funding organized crime by paying ransomware claims. More
The FBI is tracking down people who were near the Capitol when it was attacked. They’re going through cell tower ping data and just brute-forcing through the list. Great police work, and I think for a good reason this time, but a lot of people are worried about the precedent. More
Netscout says Windows RDP servers are being used to launch DDoS attacks. They said the magnification factor for RDP is 85.9, so a small request could result in a 1,260 byte reply. More
Palantir stock has jumped over 250% since its IPO, but I’m not going near it. Its valuation is over 28x its sales, and there is no clear narrative explaining why. Could be an amazing investment, could be the dumbest thing ever to put money into. I can see both arguments clearly, so I’m staying out. More
Scammers are sending fake job offers on LinkedIn to get people to enter bank details. This is almost as ingenious as fake shipping updates for Amazon and UPS. Job offers and package deliveries are two things people generally click on. More
DDoS is increasingly being used as part of ransomware attacks, where the attacker contacts the victim and says they will allow the site to function if they pay. The real danger will come, however, when groups are sophisticated enough to combine all the different interaction scripts, leverage types, payment infrastructures, etc. So, good cop vs. bad cop, encrypting the data vs. leaking it vs. DDoS, etc. More
Ransomware evidently made up 81% of all financially motivated attacks in 2020. More
A Chinese hacking group being called Chimera, which is suspected to be working for the Chinese state, has been hacking the airline industry for months. A member of the Unsupervised Learning Slack community had a great way of describing this type of activity, which is adding to their CRM (Customer Relationship Management) system. This is a good way to look at it, which I agree with, given that they’ve hacked OPM, Equifax, Marriott, and countless other industries. More
Jack Ma finally re-emerged into the public again after disappearing for months after embarrassing China’s government. The government stopped his massive IPO, he disappeared, and they announced that many of his companies are being taken over by the state. Ma showed up virtually to recognize rural teachers, and said that he intended to focus more on philanthropy and revitalizing the countryside—which are all CCP themes. I bet he’s willing to say and do anything at this point. More
Navalny, the ex-FSB operative who was poisoned by Putin, is waging a PR war against him. He runs an anti-corruption group that just published a full report on a billion-dollar mansion that they say belongs to Putin, putting even more pressure on the Russian president while much of the country struggles to survive. Navalny has been arrested again, and there are now major protests pushing for his release. More
Vulnerabilities:
Incidents:
Malwarebytes was hacked by the same group that hit SolarWinds, with a suspected focus on O365. More
A known hacker has leaked 2.28 million users’ data for a site called meetmindful.com. More
Attackers have published 4,000 private files belonging to the Scottish Environmental Protection Agency after initially asking for ransom. More
Companies:
Swimlane has raised $40 million to continue automating security operations. More
TECHNOLOGY NEWS
Toyota is getting ready to release its solid-state battery technology that reportedly charges in 1/3 the time and has twice the capacity. More
Forbes is going heavy into paid newsletters, and they’re hiring up to 30 writers who already have large followings to kick it off. More
Australia is asking Google to pay royalties to publishers, and Google is threatening to pull out of the country if they force the issue. More
CentOS is dead, but Red Hat is making RHEL free for up to 16 production servers. More
If you feed text mentioning Muslims to GPT-3 it often will create a passage mentioning terrorism and bloodshed. “Mama, when we defeat the infidels today I’m going to wear a headscarf until I’m 8 just like you!’ But then the screams outside wake me up. For some reason I’m covered in blood.” The challenge is that when you feed a model gigabytes of text, it’s really hard to thoroughly filter what it’s learning from. More
Companies:
HUMAN NEWS
Electric car sales increased by 43% in 2020. More
A new study out of Stanford has found a compound that reverses the effects of brain aging in mice. “More striking, the compounds reversed mice’s age-related cognitive decline. Older mice who received them performed as well on tests of recall and spatial navigation as young adult mice.” It’s a remarkable time to be aging. More
Bolsonaro of Brazil could face Crimes Against Humanity charges over destruction of the Amazonian rain forest. More
Elon Musk is offering a $100 million dollar prize for carbon capture tech. More
Lack of sleep and the presence of stress can lead to concussion-like symptoms. More
A new study says exercise can help slightly with cardiovascular risk if you’re obese, but it doesn’t help nearly as much as lowering your weight—basically contradicting the idea of ‘fat but healthy’. More
2020 had the highest number of US homicides in over two decades. Increases by city include: Seattle (74%), New Orleans (62%), Atlanta (58%), Portland (52%), New York (39%), and San Francisco (32%). More Dataviz
Audi is moving all of its A4, A6, and A8 models to electric. More
IDEAS & ANALYSIS
Parler and Russian Intelligence Operations — So, Parler has partially come back online, protected by DDoS-guard, a company run by a couple of Russian guys. And as it turns out, one of the founders happens to have a Russian wife who likes to make fun of the idea that she’s a Russian spy. This Twitter thread describing the whole scenario and timeline is too unbelievable for fiction. Reminds me a lot of Maria Butina and the NRA. But the best part is where she posts her (American) kid’s social security card showing off her nationality, while having other posts about how much she loves the show The Americans. And yes, this could still absolutely be a red herring; I just think it’s unlikely at this point. A primary goal of Russian intelligence is to create internal division within the United States, and they seem to have a clear hand in the rise of Parler, which seems to have been used extensively to unify and organize the movement to attack the Capitol building. Think about how close they came to starting a civil war in the US. Let me just state this plainly, we are witnessing the most stunning set of intelligence operations of all time right now from Russia. I mean, as a student of this game, they are seriously impressive. Once they become public the intelligence community will be studying these operations for centuries to come. More Thread
It’s Not About Left and Right — “Our lesson cannot be that Trump supporters are bad, or that Hitler was bad, and to watch out for them. The lesson has to be that a weak strongman playing off a population’s desire for pride is a dangerous pattern that repeats.”
MY UPDATES
Currently finishing Homeland, which is our UL Book Club book of the month for January 2021.
Reading Homeland has made me want to try to write fiction again. Specifically, fiction that describes a possible future world. I feel like this is mostly what Doctorow is doing. He’s describing a setting more than a story.
DISCOVERY
Thinkst Canary — See high-signal attacker activity on your network using physical, VM, or cloud-based tokens. [SUP] More
Someone’s made an easier version of Markdown called Dumbdown. More
The new Whitehouse website is running WordPress. More
This site, CovidVaxCount, claims to have a live view of the number of Americans that have been vaccinated via scraping the CDC, which currently sits at around 6%. More
Tailwind CSS Blocks More
7 Threat Hunting Tools Everyone In the Industry Should Be Using More
Jeff Bezos has a rule that says the best decisions are made with 70% of the information. Any less and you’re underinformed, and any more and you’re wasting time with diminishing returns. More
What Parler Saw During the Attack on the Capitol — A stunningly well put together collection of videos posted by Parler users on the day of the attack, broken down by location, such as around DC, outside the Capitol, and inside the Capitol. More
A great look at Palantir’s assistance in Afghanistan. More
Pup — A Go-based command-line HTML parser that can filter based on CSS selectors. More
Snort 3.0 has been released, with significant improvements to processing and rule management. More
Ffuf 1.2.0 has been released, which includes rate limiting and config file support. More
RECOMMENDATIONS
Make sure you don’t miss Rachel Tobac’s InfoSec Sea Shanty. More
APHORISMS
“To understand how something works, figure out how to break it.”
~ Nassim Taleb
January 24, 2021
Orwell Reviews Mein Kampf and Perfectly Captures Trumpism
We all know Orwell as an expert on failed governments, and I just happened upon his review of Mein Kampf from 1940—so, before it was clear he was the worst person in the world.
The review is short, but the last part of it has a few sentences that perfectly capture what I think we’re facing right now in the United States.
Also he (Hitler) has grasped the falsity of the hedonistic attitude to life. Nearly all western thought since the last war, certainly all ‘progressive’ thought, has assumed tacitly that human beings desire nothing beyond ease, security and avoidance of pain.
This is a wonderful capture of what I’ve been talking about in my recent posts about struggle and meaning.
The Socialist who finds his children playing with soldiers is usually upset, but he is never able to think of a substitute for the tin soldiers; tin pacifists somehow won’t do.
He’s saying that we need this fight against some kind of enemy. That we are the happiest when we have such a battle to fight. I think he’s correct, and that people start to come apart when no such struggle exists.
Notice that he’s blaming human nature, not left or right.
Hitler, because in his own joyless mind he feels it with exceptional strength, knows that human beings don’t only want comfort, safety, short working-hours, hygiene, birth-control and, in general, common sense; they also, at least intermittently, want struggle and self-sacrifice, not to mention drums, flags and loyalty-parades. However they may be as economic theories, Fascism and Nazism are psychologically far sounder than any hedonistic conception of life. The same is probably true of Stalin’s militarised version of Socialism.
This is brilliant. He’s obviously not promoting Fascism or Nazism. He is in fact our most famous critic against extreme governments. He’s saying they resonate more with humanity, and that we’d be well-served to keep this fresh in mind. That’s a powerful and devastating lesson—one that we evidently have to learn every generation or two.
But it gets better, and takes us right into 2016, 2020, and the attack on our Capitol building.
All three of the great dictators have enhanced their power by imposing intolerable burdens on their peoples. Whereas Socialism, and even capitalism in a more grudging way, have said to people ‘I offer you a good time,’ Hitler has said to them ‘I offer you struggle, danger and death,’ and as a result a whole nation flings itself at his feet.
Stunning.
After a few years of slaughter and starvation ‘Greatest happiness of the greatest number’ is a good slogan, but at this moment ‘Better an end with horror than a horror without end’ is a winner. Now that we are fighting against the man who coined it, we ought not to underrate its emotional appeal.
This feels quite like the mentality of those mobbing Capitol buildings calling for revolution.
Better an end with horror than a horror without end.
Hitler said that—as a call to arms—presumably against the continued disgrace of the Germans after World War I.
And he proposed going all-in on conflict, to get back the pride of the people. His people.
Yeah, sounds pretty damn familiar.
You might think I’m saying that Trump is Hitler, and that supporting him is no different than supporting the Nazis. No, that’s not it. That’s throwing poop at people. Name-calling. It’s not learning the lesson Orwell was trying to teach here.
The lesson is in the last line of the review.
Now that we are fighting against the man who coined it, we ought not to underrate its emotional appeal.
That’s it. That’s the lesson. There is a deep emotional need for pride, and for struggle that makes one feel as if they have earned that pride. Take either of those away from a people and they will become dangerous.
In general, not in all cases.
That’s what’s happening to the demographic supporting Trump. Older, White, less educated, and feeling disenfranchised. That’s the weakness. That’s our vulnerability.
If we fix that we close the opening not just for Hitler and Trump, but for their subsequent incarnations as well.
Notes
- This is why calling those caught in this spell “deplorables” is not just unproductive; it’s counter-productive. It’s yet another attack on the pride of your target audience, which drives them even further into the arms of the authoritarian.
