Daniel Miessler's Blog, page 55

You’ve reached a piece of member-only content.

Subscribe

If you’re already a subscriber, please login here.

—
If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

The terrorists who attacked the Capitol building have a lot in common with ISIS, at least from my perspective.

But that’s just the point. It really is just a matter of perspective.

If I believed as that mob does, that our democracy was being attacked, and that all elee had failed, I might be inspired to take up arms as well.

I am not so inclined simply because I see the world differently.

It’s the same with ISIS. As it turns out, if you really believe that you go to heaven and get lots of virgin olives when you die, suicide bombings become quite logical.

In both cases, it’s not the actions that are illogical. It’s the beliefs that are—in my opinion—wrong.

This is why cults and religions are dangerous. It’s because—as Harris and Hitchens have pointed out—they’re the frameworks that enable good people to do evil.

As they say, any evil person can do evil, but for a good person to do evil you need something extraordinary, like a cult or a religion.

Ultimately this is the real danger of misinformation. It’s not that you get the wrong atomic weight for Titanium in a Wikipedia article. It’s that large groups of the uneducated and angry can have an entire belief system transferred to them with the speed and virality of social media.

It’s those belief systems we need to worry about.

Many of the people who stormed the Capitol have likely been good people all their lives, or at least part of them, and are still capable of great good.

The exceptions like serial killers are rare.

Max Tegmark was on Lex Fridman’s podcast recently and said he didn’t like using the terms good and evil to describe people because of this problem. Because if you ask the average person doing “evil”, it turns out they think they’re doing good.

So once again, we’re back to what they believe and what they think must be done because of those beliefs.

When I think about all this stuff going on, I try to keep focused on the real problem, which is millions of people believing things that aren’t true.

It’s our education, and our culture, and our fundamental beliefs around globalism, racism, and identity that are causing these problems.

Trump is an avatar, and an instigator, but he’s not the problem.

The problem is millions of people being vulnerable to a horrible set of beliefs, and fighting against one set won’t immunize against the next one because the population is still just as vulnerable.

Not just traditional education, but on the dangers of racism, scapegoating, etc.

We need to immunize our populations against dangerous beliefs through education. It’s the only path.

Anything less is addressing symptoms rather than disease.

—
If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

I’m becoming something of an audiophile. I know, that’s what I thought at first too.

The whole process has been fascinating to me, from the learning, to the gear, to the listening.

But what I’m finding most enjoyable about it, if I pay attention closely, is the fact that I’m engrossed in it. That I’m passionate about it.

That’s all we really want, isn’t it?

I wrote about this here and here

The most depressed people I know are those who aren’t deeply interested in anything.

I owe a lot of my positivity to curiosity. The fact that so many things are fascinating to me makes the world an endless source of happiness.

So when I think of something like being an audiophile, I see it as a path to extreme enthusiasm. The bliss of chasing something, which you then enjoy. It’s the process of optimization, tweaking, adjusting, and then enjoying once again.

I get this vibe from many such activities. Cooking. Gardening. Woodworking. Painting. Making music.

The happiest people are those who are most excited by life.

—
If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

Many are very confused about what happened with Parler being pushed off the internet, and I think I can help.

Imagine that you’re a new virtual server provider and you have five scenarios:

You get a message saying one of your customers is hosting a joke forum that has within it some sexist jokes. Al Bundy stuff, basically, where it makes fun of women and wives and how much they annoy their husbands.You get a message saying one of your customers is hosting a messages forum frequented by lots of early-teen males with anger issues, and evidently there is a lot of low-scale racist and sexist comments, and some homophobia. None of it seems super violent or dangerous, but it’s definitely offensive.You get a message saying one of your customers is hosting a forum where men share pornographic images, but it’s mostly softcore and high-art type stuff. Some virtual/art and some actual photography. But it seems pretty tame and respectful, at least for what it is.You get a message saying one of your customers is hosting a forum for general pornography, but within the last 6 months it’s gotten increasingly explicit, and now there are multiple sections that keep popping up sharing borderline-age porn images. You get a message saying one of your customers is hosting a forum for “freedom from groupthink”, and for years it was very civil and just presented viewpoints that were counter to the mainstream politically correct opinions. But it wasn’t really directly violent or aggressive. But suddenly, over the last 6 months, it became extremely popular and now there are tons of sub-groups there who are outright promoting terrorism, racist attacks, and all sorts of horrible behavior.

Now—in all three cases—imagine that the person contacting you is saying this material is unacceptable and that they’re going to discontinue doing business with you if you don’t stop hosting them.

What do you do?

And even better—what is your process for deciding what you should do?

I think one thing should be extremely clear: as the business owner of this server hosting company, it’s up to you to decide. If you only want to host Christian bakery forums, that’s your choice. And if you only want to host Metal bands looking for drummers, that’s your choice.

There’s lots of legitimate stuff on Pirate Bay, but that doesn’t stop hosting providers from wanting to avoid the bad part.

It’s your choice to decide who to take as a customer, and who to deny, and that’s exactly what AWS did when it kicked Parler off its platform.

They didn’t stop the thousands of other hosting providers from hosting them. All they can control is their own service. It’s up to their competitors if they want to do business with them now that AWS doesn’t. And that’s where Pirate Bay comes in.

Remember Pirate Bay? Remember how they repeatedly got caught hosting questionable content, and then subsequently kept getting kicked off of various hosting services? One after another made the individual choice not to take them on as a customer based on the content that they seem to allow on their service.

This is no different.

Parler did appear to start out as just an alternative place for conversation. But that was a long time ago. And as things started heating up the place evidently kept getting more and more extreme. And then it turned out to be used by a significant number of the people who attacked the Capitol.

Well, yeah. That’s likely to get you kicked off of a platform. That’s expected behavior. The service is now tainted with the labels of terrorism, violence, etc. I’m sure it’s not all like that, but it doesn’t matter. 90% of Parler could have been a bunch of LGBT Mormon Pacifist Boyscouts, but if the other 10% were a serious problem, and the moderators weren’t controlling it, that’s plenty of reason for a host to say, “No thanks.”

And by the way, you know Pirate Bay still exists, right?

They got banned a million times by a million hosts, and they still found a way. Why? Because they weren’t censored by Christianity or the US Government. They simply had a bunch of private companies decide they didn’t like their objectionable content.

That’s what this case is ultimately about. Objectionable content.

Again, go back up to the list of scenarios above. It’s one thing to kick someone off your platform for hosting bad jokes. It’s another to kick them off for being aggressively racist and sexist. And it’s another to kick them off becasue you can’t control the forums becoming a hotbed for insurrection against the government of the United States.

That’s radioactive shit. Like underage porn, or ISIS planning forums. We should not be surprised that once AWS dropped it, many other companies followed their lead.

That’s not evidence that the universe conspired against Parler. It’s evidence that the universe continues to work like normal, and that their content is simply considered objectionable.

Insurrection, terrorism, racism, anti-Semitism, pornography, drugs, weapons, etc.—these are all categories of content that will get you kicked off of a platform if you fail to moderate them.

So stop complaining that the left-wing media crushed your free speech. They didn’t, just as they didn’t crush Pirate Bay’s free speech. Or some hosting site for questionable porn.

You’re free to be a libertarian, or to be part of the IDW, or to be anti-leftist. You know there are thousands of creators all over the internet doing that, right? Millions of people, blogging, sharing video, hosting their own shows on YouTube, on television, or on talk radio. There is tons of conservative media out there. Tons.

I find it hilarious that I keep seeing all these conservative voices in the media complaining about conservative voices have been censored.

Ben Shapiro, David Rubin, Tucker Carlson, Rush Limbaugh—all thriving…

Turns out, hosting insurrectionist extremists is a pretty high bar.

— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler) January 17, 2021

Parler wasn’t taken offline for having conservative viewpoints. If that were the case, it would apply to millions of other outlets as well.

They were taken offline for hosting the domestic terrorism version of ISIS 8Chan. Maybe it only became that recently, but that’s not a defense. The content was more than enough reason for AWS to boot them, and it makes complete sense that others followed.

When the whole internet cancels Ben Shapiro and Tucker Carlson because they have right-leaning views then I’ll be fighting with you. But that’s not what happened. They’re still doing fine because they’re not encouraging attacks on our democracy.

This is not a mystery. Don’t make it one.

—
If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

I often look back and wonder when my opinion changed about something.

My ideas on top-down vs. bottom-up approaches for nurturing ideas, for example. I know I read Loonshots, and I know I read The Evolution of Everything, and I think I read them pretty close together.

I credit/blame Tim Tyler for these wonderful diversions.

But I also read several other books orthogonally to those, both before and after. One book would lead to another—or maybe three or five more—and I read them all. A couple of times I felt like I had an epiphany, but in general I just had a feeling of, “Hmm, interesting.”

But then I slept. Every night after reading, I slept.

Are we doing something like backpropagation while we sleep?

There is a lot of research and common wisdom about us learning in our sleep. Everyone has a story about being stumped by something all day and all evening, going to bed, and waking up with the answer.

The details of how this happens is where the research is focused.

The general theory is that the brain somehow makes sense of our world, does cleanup, and works out problems while we are unconscious, and that reminds me of machine learning’s backpropagation in two ways.

It’s optimizing something based on what happened recentlyIt’s really hard to track all the changes that were made

So your ability to identify the “catness” of a furry animal might improve the more backprop you do, or you might start to understand the creative process better the more good books you read on related topics, but you’ll never be able to point at a magical threshold.

Because there wasn’t one. It was gradual, over time, as the result of consuming inputs and running this learning/adjustment process.

Reading is like Machine Learning because both lack attribution on how they got to where they are.

I hear Goodreads is closing its API soon, which I hope is only a rumor.

I think that’s fascinating, and it’s why I’m obsessed with tracking what I read. I’d love to be able to capture every book and talk I’ve ever consumed, and tag the crap out of it.

That way, if I suddenly notice my view changed on macroeconomics one day, I can look backwards at everything tagged with similar themes over the last several years.

Even then I wouldn’t be able to point and say, “That one!”, but I will likely be able to say something like,

That change probably came from this phase of discovery, from these 9 books and these 4 talks, spread out over 3.5 years.

That would be pretty cool.

—
If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

I spend my time reading 3-6 books a month on security, technology, and society—and thinking about what might be coming next. Every Monday I send out a list of the best content I’ve found in the last week to around 40,000 people. It’ll save you tons of time.

Happy New Year! I’m trying to get to 1,000 paid subscribers, and if you enjoy the newsletter please consider becoming a member for just $59.99 a year (less than $5/month). Subscribe Now



SECURITY NEWS



Many are worried about the integrity of congressional IT systems after a mob entered the Capitol building and roamed around without any security present. One concern is that there could have been a few sophisticated attackers mixed in with the group, and that they may have left hidden eavesdropping devices or installed malware. More



The FBI is warning private industry against the Egregor ransomware group, which they say is one of the groups that extracts data before they encrypt it so that it can be used in other types of attack. They also say there are multiple implementations of the “service”, which means the TTPs can differ widely. More



It appears Parler was hacked through an information disclosure issue which lead to the ability to create admin accounts, which ended up yielding full data extraction capabilities via the API. This has resulted in mass-downloading of Parler user data, including that of “Verified Citizen” accounts, which require that the person upload their actual driver’s license. So basically a massive doxing at this point. And it appears law enforcement has been using this data to create no-fly lists and to launch further investigations. More



Clearview—the facial recognition app used by law enforcement—has seen a surge in usage since the Capitol attack last week. More



There is speculation that JetBrains, a company founded by three Russians and which maintains a Russian presence, may have been part of the Solarwinds incident. The software is used in software development, and has been purchased by 79 of the Fortune 100, including Solarwinds. More

 

It appears Chinese APTs are starting to chase financial targets. It’s not clear if it’s a means or an ends, but one example comes from Israeli security companies Profero and Security Joes. They found APT27 (Emissary Panda) going after five online gambling companies. Earlier in 2020, Trend Micro also found APT41 going after online gaming companies. More



The US government has banned Alipay and 7 other Chinese applications for use in the US. More



In the continuing discovery process of the scope of the Solarwinds hack damage, it appears countless sealed court documents were accessed as well, according to the Administrative Office of the US Courts. More



Jack Ma—the richest man in China—has gone missing after criticizing Chinese banks and having his ANT IPO stopped by the Chinese government. Nobody’s seen him in public for weeks. This is a really bad look for China, and it’s just going to tell more ambitious Chinese to get out as fast as they can, as well as telling other countries not to trust them. More



The US Space Force (still getting used to that) detected an Iranian missile attack against US forces in Iraq and alerted personnel before the missiles landed. Many were injured, but nobody died due to the early warning from the 2nd Space Warning Squadron. More



Vulnerabilities:

NVIDIA has shipped patches for multiple high-risk issues, with the highest being CVSS 8.4. More

Incidents:

Nissan had a significant source code leak due to using admin/admin as its Github credentials. The repo had over 20GB of data in it. More

TECHNOLOGY NEWS



OpenAI has released two new GPT-3 models that combine NLP with image recognition. One of them, called DALL-E, allows you to describe in natural language an image that you want it to create. Such as, “an avocado that looks like a chair”, and it’ll make some for you by itself. I often feel like OpenAI is our real-world Cyberdyne Systems. More Examples



CES is kicking off this week, and LG has some slick new transparent OLED stuff that looks really cool. The best demonstration I saw of it was a subway window that has data on it but that you can also still see through. The restaurant ordering use case was pretty cool too. But I’m all about the 8K 88″ OLED. Video



Bitcoin has crossed $40,000 less than three weeks after crossing $20,000. Not sure if this is tech news or human news, honestly. People are very worried it’s another bubble, but I think the ‘money sheltering for the rich’ angle changes things slightly. Maybe. More



Some documents out of China hint that Tesla may be looking to produce a new car for $25,000 to $30,000 as early as 2022. If this is true, and they were actually able to build them at scale, this would be more trouble for traditional carmakers, and for people who short-sold Tesla stock. More



HUMAN NEWS



It appears identical twins can differ genetically very early on in their development, and that later differences in the twins can be caused by genetics as well as environment. More



I’m not a Jeopardy fan, but I’ve seen my portion of episodes. For some reason 2020 has made this tribute video to Alex Trebek hit a lot harder. I guess because he represented part of America. Video



Elon Musk has passed Jeff Bezos to become the richest person in the world on the skyrocketing price of Tesla stock. More



A new study published in Science indicates that resistance to COVID from a previous case or vaccination might last longer than feared—even up to years. More



We have new images of Mars’ Valles Marineris, the biggest canyon system in the solar system. It’s 10 times longer than the Grand Canyon, and three times as deep. More



Denmark is offering homeowners 20-year loans at zero fixed interest. More



IDEAS & ANALYSIS



The Line Between Choosing Your Own Customers and Censorship — Was it censorship for AWS to drop Parler, or is it their right as a private company to pick who they work with? More



On Unionizing Against Tech Companies — When is it ok to push back against your company’s mission, and when should you just leave? More



MY UPDATES



I just started a new book called, The City We Became, by N.K. Jemisin. It’s like no other book I’ve ever read. And Rothfuss, the author of Name of the Wind, says this is the future of fantasy. I can see why. More



DISCOVERY  



Notes On Writing Well More



Aaron Swartz on how to be more productive. More



What I’ve Learned in 45 Years in the Software Industry More



How to Find the Perfect Music and Podcasts, Faster. More



15.ai — Create character voices with definable characteristics, using AI. More



Schwarzenegger’s comments on last week’s events were fantastic. Video



[ Free Book ] Algorithms For Making Decisions PDF



[ Free Course ] Machine Learning for Security Professionals More



Don’t dox yourself when tweeting about data breaches. More



Wired’s list of highly-hyped TV shows for 2021. More



RECOMMENDATIONS



When you think about probabilities in an uncertain situation, consider using the Probability Yardstick, which is used by NSA and multiple UK intelligence and law enforcement groups. It associates common phrases like, “remote chance”, or “realistic probability” into actual percentages so that analysts and decision-makers can have a shared language. More



APHORISMS



“We are more often frightened than hurt; and we suffer more in imagination than in reality.”



~ Seneca

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

I tweeted something today about AWS kicking Parler off its platform this week, and it turned into a whole thing.

AWS banning Parler from their platform is not censorship because there are countless other providers that will host them.

Individual providers are not required to host anyone. It’s their choice who to take on as a customer.

They are not the government.

— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler) January 10, 2021

Rob is a buddy of mine, and we ended up texting about the issue later in the thread as well.

You can read the whole thread above, but Rob was basically arguing that any influence—private or government—to limit speech is censorship. Which I just don’t agree with.

Maybe it can sometimes be desired censorship, or attempted censorship, but true censorship requires both authority and impact, as I would argue we can see from Oxford’s definition here.

A definition dance-off

If you can easily take your ball and go somewhere else you’re not being censored. For example, it’s not censorship for a small, private art gallery to decide not to show your piece in their upcoming event.

Why not?

Because there are other art galleries. And it’s not like the gallery is run by the government and they called every other art outfit in the country and told them not to carry you. If that were the case, it would be censorship.

Book publishers are another example. Are they required to publish everything that gets submitted? Or do they get to choose?

Publishers choose all the time not to publish someone because they don’t agree with their stance. That doesn’t make them censors because they’re one of many.

So AWS saying no is not really a big deal unless they represent some sort of authority that controls others. Traditionally that has meant government or religion, which is where this all comes from.

In short, censorship requires centralized, large-scale impact to someone’s ability to get their message out. In the old days that meant libraries, radio stations, MTV, etc., which were being influenced by a government or Christianity to not carry something.

AWS not hosting someone when they can go many other places to get the same service—which users don’t even see anyway—doesn’t apply.

And before anyone asks, yes, I do see a potential risk of a slippery slope where a denylist is set up and we start seeing bans across multiple platforms for any view that deviates from the current in-crowd narrative.

But there’s the small matter of that Parler-shaped slippery slope storming the capitol building this week.

In other words, I have a sneaky suspicion that all this activity is related to an extremely recent kinetic attack on our democracy rather than some amorphous and impending slippery slope from the left.

Sure, we should remain vigilant against that, but let’s start by keeping control of our government buildings.

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

Over the last few years I’ve seen two very different complaints against tech companies.

Google is the most recent example.

Workers Being Treated Poorly: I’m 100% in support of unionizing for this reason. Treating contractors like garbage, racism, sexism, other types of discrimination, poor working conditions, etc. These are all the types of issues that lead to the creation of unions in the first place, so…absolutely. I’m with you.
Unhappiness With What the Company Is Working On: This one makes no sense. Most people weren’t hired to pick what the company works on. And even if you were, you still need the rank to act autonomously or the gravitas to convince others to support you. Being a coder, a PM, or some random manager doesn’t give you those abilities.

The operative issue here is compulsion.

This second situation reminds me of the free speech discussion, where the right-wing types claim censorship because they can’t spread drivel on Twitter without being banned. It’s not censorship because it’s not the government, and it’s the same with complaining about company mission.

Your right to complain scales with your compulsion to participate.

You can’t complain about the work a company is doing when it’s your choice to work there. That’s like walking into a shop that only sells hotdogs and filing a complaint that they don’t have hamburgers.

Not only do they not have to sell hamburgers, but they can be called “Only Hotdogs” and then suddenly one day decide to stop selling hotdogs and only sell Shawarma instead. That’s their choice, because it’s their business.

I wouldn’t be surprised, actually.

What are you going to do? Sue?

If you don’t like what a store sells—and yet you insist on staying there and complaining (loudly) about their inventory—you have some kind of disorder that’s probably hard to pronounce.

If you choose to work at Facebook, or Palantir, or the NSO Group—in the year 2021—you know damn well what they do. You’re not stupid, because if you were you wouldn’t have a job there.

You work there because they pay you a lot of money.

So don’t try to rub Activist Aloe on your bruised conscience by starting a club that complains about the work. That work pays your bills, and you are free to leave any time you want.

This is no different than the hotdog shop.

Walk away or shut the fuck up.

Notes


There is a third case where someone might be genuinely concerned about privacy, or the environment, or whatever issue that said company could be violating, and so they want to oppose that company. No problem. But don’t take a job there, enjoy the free snacks, brag about the job to all your friends, and then one day decide from within that you’re a warrior for good causes. If you have genuinely learned something new about the company, and no longer want to support it, quit. And if you feel strongly enough to oppose them, do it from the outside. This crap about “it’s easier to change it from the inside” is usually what people with no power to actually make that change say when they don’t want to give up the paycheck.

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

I’ve always been skeptical of nostalgia.

It feels to me like surrender to the idea that it’ll never be better than it was.

Fuck that. We should be doing stuff today that we can be nostalgic about tomorrow.

But only for a second.

It’s fine to pause by yourself, or with friends, and say:

Remember that time when we all packed into the car and went to the aracde, and then saw Terminator 2, and then got those burgers? (dreamy looks) …that was so great…

That’s great. It’s nice to enjoy moments more than once, and to appreciate the past. But when that moment starts lasting too long, it can quickly become a lifetime.

The Ready Player 2 book cover

I loved Ready Player 1, by the way.

I’m reading Ready Player 2 right now, which is the follow up to Ready Player 1, which was basically a nostalgic trivia orgy, with a story to keep it stitched together.

And the one thing that I keep thinking is, why are we doubling down on the nostalgia and the trivia about the past? I mean, one explanation is just money. I’m sure Spielberg and co. would love to have another hit on their hands. And there’s nothing wrong with that. Sequels are super popular right now.

But I think that’s part of the problem. Sequels are so popular because we’re lacking the imagination to create new things.

If the 1980’s had that mentality we’d never have all the cool stuff that Cline is writing about. Imagine if the 80’s were nothing but 60’s nostalgia. That would not be worthy of nostalgia itself.

And that’s the point. Only original content deserves nostalgia.

If you get too stuck remembering the past you’ll never put in the effort to create the future.

I know lots of people from high school who literally talk about nothing but high school and the late 80’s. They only like old music from that time. They can’t enjoy new bands or types of music. Everything is compared to their tiny slice of magical time when they were kids.

This is horribly depressing, and I’m getting the same vibe as I read Ready Player 2. Like it’s for people who just can’t let go and look to the future.

One book on the topic was brilliant. A second is either rote monetization or depressing, or both—even if the book is good.

Anyway, again, I’m not saying it’s not fun to reflect on magical times. By all means, take that moment to celebrate with the crew. Share the smiles.

But let that wonderful feeling wash over you and turn into the desire to create new memories together of the same quality.

Focus on the present. Focus on the future.

Don’t let nostalgia trap you in the past.

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

You’ve reached a piece of member-only content.

Subscribe

If you’re already a subscriber, please login here.

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.