Daniel Miessler's Blog, page 55

January 25, 2021

News & Analysis | No. 265

I spend my time reading 3-6 books a month on security, technology, and society—and thinking about what might be coming next. Every Monday I send out a list of the best content I’ve found in the last week to around 40,000 people. It’ll save you tons of time.

SECURITY NEWS

FireEye has published the technical details around the SolarWinds hack, and has released a free tool to detect indicators. More

There’s an argument that cyberinsurance providers are funding organized crime by paying ransomware claims. More

The FBI is tracking down people who were near the Capitol when it was attacked. They’re going through cell tower ping data and just brute-forcing through the list. Great police work, and I think for a good reason this time, but a lot of people are worried about the precedent. More

Netscout says Windows RDP servers are being used to launch DDoS attacks. They said the magnification factor for RDP is 85.9, so a small request could result in a 1,260 byte reply. More

Palantir stock has jumped over 250% since its IPO, but I’m not going near it. Its valuation is over 28x its sales, and there is no clear narrative explaining why. Could be an amazing investment, could be the dumbest thing ever to put money into. I can see both arguments clearly, so I’m staying out. More

Scammers are sending fake job offers on LinkedIn to get people to enter bank details. This is almost as ingenious as fake shipping updates for Amazon and UPS. Job offers and package deliveries are two things people generally click on. More

DDoS is increasingly being used as part of ransomware attacks, where the attacker contacts the victim and says they will allow the site to function if they pay. The real danger will come, however, when groups are sophisticated enough to combine all the different interaction scripts, leverage types, payment infrastructures, etc. So, good cop vs. bad cop, encrypting the data vs. leaking it vs. DDoS, etc. More

Ransomware evidently made up 81% of all financially motivated attacks in 2020. More

A Chinese hacking group being called Chimera, which is suspected to be working for the Chinese state, has been hacking the airline industry for months. A member of the Unsupervised Learning Slack community had a great way of describing this type of activity: adding to their CRM (Customer Relationship Management) system. I agree that’s a good way to look at it, given that they’ve hacked OPM, Equifax, Marriott, and countless other industries. More

Jack Ma finally re-emerged into the public again after disappearing for months after embarrassing China’s government. The government stopped his massive IPO, he disappeared, and they announced that many of his companies are being taken over by the state. Ma showed up virtually to recognize rural teachers, and said that he intended to focus more on philanthropy and revitalizing the countryside—which are all CCP themes. I bet he’s willing to say and do anything at this point. More

Navalny, the ex-FSB operative who was poisoned by Putin, is waging a PR war against him. He runs an anti-corruption group that just published a full report on a billion-dollar mansion that they say belongs to Putin, putting even more pressure on the Russian president while much of the country struggles to survive. Navalny has been arrested again, and there are now major protests pushing for his release. More 

Vulnerabilities:

Natalie Silvanovich of Project Zero has found a common vulnerability across multiple chat platforms, including Signal, Google Duo, Facebook Messenger, and others, that allows for potential eavesdropping on communications. More

Cisco issued multiple patches for its SD-WAN software to address possible HTTP, SQL injection, and buffer overflow attacks. More

Drupal releases updates for an issue that can lead to system takeover. More

QNAP is warning users of malware called Dovecat that can install a Bitcoin miner on their NAS. More

Incidents:

Malwarebytes was hacked by the same group that hit SolarWinds, with a suspected focus on O365. More

A known hacker has leaked 2.28 million users’ data for a site called meetmindful.com. More

Attackers have published 4,000 private files belonging to the Scottish Environmental Protection Agency after initially asking for ransom. More

Companies:

Swimlane has raised $40 million to continue automating security operations. More

TECHNOLOGY NEWS

Toyota is getting ready to release its solid-state battery technology that reportedly charges in 1/3 the time and has twice the capacity. More

Forbes is going heavy into paid newsletters, and they’re hiring up to 30 writers who already have large followings to kick it off. More

Australia is asking Google to pay royalties to publishers, and Google is threatening to pull out of the country if they force the issue. More

CentOS is dead, but Red Hat is making RHEL free for up to 16 production servers. More

If you feed text mentioning Muslims to GPT-3 it often will create a passage mentioning terrorism and bloodshed. “‘Mama, when we defeat the infidels today I’m going to wear a headscarf until I’m 8 just like you!’ But then the screams outside wake me up. For some reason I’m covered in blood.” The challenge is that when you feed a model gigabytes of text, it’s really hard to thoroughly filter what it’s learning from. More

Companies:

Rivian raises $2.65 billion as it gets ready to make its electric pickup. More

HUMAN NEWS

Electric car sales increased by 43% in 2020. More

A new study out of Stanford has found a compound that reverses the effects of brain aging in mice. “More striking, the compounds reversed mice’s age-related cognitive decline. Older mice who received them performed as well on tests of recall and spatial navigation as young adult mice.” It’s a remarkable time to be aging. More

Bolsonaro of Brazil could face Crimes Against Humanity charges over destruction of the Amazonian rain forest. More

Elon Musk is offering a $100 million dollar prize for carbon capture tech. More

Lack of sleep and the presence of stress can lead to concussion-like symptoms. More

A new study says exercise can help slightly with cardiovascular risk if you’re obese, but it doesn’t help nearly as much as lowering your weight—basically contradicting the idea of ‘fat but healthy’. More

2020 had the highest number of US homicides in over two decades. Increases by city include: Seattle (74%), New Orleans (62%), Atlanta (58%), Portland (52%), New York (39%), and San Francisco (32%). More Dataviz

Audi is moving all of its A4, A6, and A8 models to electric. More

IDEAS & ANALYSIS

Parler and Russian Intelligence Operations — So, Parler has partially come back online, protected by DDoS-guard, a company run by a couple of Russian guys. And as it turns out, one of the founders happens to have a Russian wife who likes to make fun of the idea that she’s a Russian spy. This Twitter thread describing the whole scenario and timeline is too unbelievable for fiction. Reminds me a lot of Maria Butina and the NRA. But the best part is where she posts her (American) kid’s social security card showing off her nationality, while having other posts about how much she loves the show The Americans. And yes, this could still absolutely be a red herring; I just think it’s unlikely at this point. A primary goal of Russian intelligence is to create internal division within the United States, and they seem to have a clear hand in the rise of Parler, which seems to have been used extensively to unify and organize the movement to attack the Capitol building. Think about how close they came to starting a civil war in the US. Let me just state this plainly, we are witnessing the most stunning set of intelligence operations of all time right now from Russia. I mean, as a student of this game, they are seriously impressive. Once they become public the intelligence community will be studying these operations for centuries to come. More Thread

It’s Not About Left and Right — “Our lesson cannot be that Trump supporters are bad, or that Hitler was bad, and to watch out for them. The lesson has to be that a weak strongman playing off a population’s desire for pride is a dangerous pattern that repeats.” Tweet This

MY UPDATES

Currently finishing Homeland, which is our UL Book Club book of the month for January 2021. 

Reading Homeland has made me want to try to write fiction again. Specifically, fiction that describes a possible future world. I feel like this is mostly what Doctorow is doing. He’s describing a setting more than a story.

DISCOVERY  

Thinkst Canary — See high-signal attacker activity on your network using physical, VM, or cloud-based tokens. [SUP] More

Someone’s made an easier version of Markdown called Dumbdown. More

The new Whitehouse website is running WordPress. More

This site, CovidVaxCount, claims to have a live view of the number of Americans that have been vaccinated via scraping the CDC, which currently sits at around 6%. More

Tailwind CSS Blocks More

7 Threat Hunting Tools Everyone In the Industry Should Be Using More

Jeff Bezos has a rule that says the best decisions are made with 70% of the information. Any less and you’re underinformed, and any more and you’re wasting time with diminishing returns. More

What Parler Saw During the Attack on the Capitol — A stunningly well put together collection of videos posted by Parler users on the day of the attack, broken down by location, such as around DC, outside the Capitol, and inside the Capitol. More

A great look at Palantir’s assistance in Afghanistan. More

Pup — A Go-based command-line HTML parser that can filter based on CSS selectors. More

Snort 3.0 has been released, with significant improvements to processing and rule management. More

Ffuf 1.2.0 has been released, which includes rate limiting and config file support. More

RECOMMENDATIONS

Make sure you don’t miss Rachel Tobac’s InfoSec Sea Shanty. More

APHORISMS

“To understand how something works, figure out how to break it.”

~ Nassim Taleb


If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

Published on January 25, 2021 09:17

January 24, 2021

Orwell Reviews Mein Kampf and Perfectly Captures Trumpism


We all know Orwell as an expert on failed governments, and I just happened upon his review of Mein Kampf from 1940—so, before it was clear Hitler was the worst person in the world.

The review is short, but the last part of it has a few sentences that perfectly capture what I think we’re facing right now in the United States.

Also he (Hitler) has grasped the falsity of the hedonistic attitude to life. Nearly all western thought since the last war, certainly all ‘progressive’ thought, has assumed tacitly that human beings desire nothing beyond ease, security and avoidance of pain.


This is a wonderful capture of what I’ve been talking about in my recent posts about struggle and meaning.

The Socialist who finds his children playing with soldiers is usually upset, but he is never able to think of a substitute for the tin soldiers; tin pacifists somehow won’t do.


He’s saying that we need this fight against some kind of enemy. That we are the happiest when we have such a battle to fight. I think he’s correct, and that people start to come apart when no such struggle exists.

Notice that he’s blaming human nature, not left or right.

Hitler, because in his own joyless mind he feels it with exceptional strength, knows that human beings don’t only want comfort, safety, short working-hours, hygiene, birth-control and, in general, common sense; they also, at least intermittently, want struggle and self-sacrifice, not to mention drums, flags and loyalty-parades. However they may be as economic theories, Fascism and Nazism are psychologically far sounder than any hedonistic conception of life. The same is probably true of Stalin’s militarised version of Socialism.


This is brilliant. He’s obviously not promoting Fascism or Nazism. He is in fact our most famous critic of extreme governments. He’s saying they resonate more with humanity, and that we’d be well-served to keep this fresh in mind. That’s a powerful and devastating lesson—one that we evidently have to learn every generation or two.

But it gets better, and takes us right into 2016, 2020, and the attack on our Capitol building.

All three of the great dictators have enhanced their power by imposing intolerable burdens on their peoples. Whereas Socialism, and even capitalism in a more grudging way, have said to people ‘I offer you a good time,’ Hitler has said to them ‘I offer you struggle, danger and death,’ and as a result a whole nation flings itself at his feet.


Stunning.

After a few years of slaughter and starvation ‘Greatest happiness of the greatest number’ is a good slogan, but at this moment ‘Better an end with horror than a horror without end’ is a winner. Now that we are fighting against the man who coined it, we ought not to underrate its emotional appeal.


This feels quite like the mentality of those mobbing Capitol buildings calling for revolution.

Better an end with horror than a horror without end.


Hitler said that—as a call to arms—presumably against the continued disgrace of the Germans after World War I.

And he proposed going all-in on conflict, to get back the pride of the people. His people.

Yeah, sounds pretty damn familiar.

You might think I’m saying that Trump is Hitler, and that supporting him is no different than supporting the Nazis. No, that’s not it. That’s throwing poop at people. Name-calling. It’s not learning the lesson Orwell was trying to teach here.

The lesson is in the last line of the review.

Now that we are fighting against the man who coined it, we ought not to underrate its emotional appeal.


That’s it. That’s the lesson. There is a deep emotional need for pride, and for struggle that makes one feel as if they have earned that pride. Take either of those away from a people and they will become dangerous.

In general, not in all cases.

That’s what’s happening to the demographic supporting Trump. Older, White, less educated, and feeling disenfranchised. That’s the weakness. That’s our vulnerability.

If we fix that we close the opening not just for Hitler and Trump, but for their subsequent incarnations as well.

Notes

This is why calling those caught in this spell “deplorables” is not just unproductive; it’s counter-productive. It’s yet another attack on the pride of your target audience, which drives them even further into the arms of the authoritarian.


Published on January 24, 2021 00:05

January 19, 2021

News & Analysis | No. 264

You’ve reached a piece of member-only content.

Published on January 19, 2021 01:56

January 18, 2021

Beliefs Have Consequences


The terrorists who attacked the Capitol building have a lot in common with ISIS, at least from my perspective.

But that’s just the point. It really is just a matter of perspective.

If I believed as that mob does, that our democracy was being attacked, and that all else had failed, I might be inspired to take up arms as well.

I am not so inclined simply because I see the world differently.

It’s the same with ISIS. As it turns out, if you really believe that you go to heaven and get lots of virgin olives when you die, suicide bombings become quite logical.

In both cases, it’s not the actions that are illogical. It’s the beliefs that are—in my opinion—wrong.

This is why cults and religions are dangerous. It’s because—as Harris and Hitchens have pointed out—they’re the frameworks that enable good people to do evil.

As they say, any evil person can do evil, but for a good person to do evil you need something extraordinary, like a cult or a religion.

Ultimately this is the real danger of misinformation. It’s not that you get the wrong atomic weight for Titanium in a Wikipedia article. It’s that large groups of the uneducated and angry can have an entire belief system transferred to them with the speed and virality of social media.

It’s those belief systems we need to worry about.

Many of the people who stormed the Capitol have likely been good people all their lives, or at least part of them, and are still capable of great good.

The exceptions like serial killers are rare.

Max Tegmark was on Lex Fridman’s podcast recently and said he didn’t like using the terms good and evil to describe people because of this problem. Because if you ask the average person doing “evil”, it turns out they think they’re doing good.

So once again, we’re back to what they believe and what they think must be done because of those beliefs.

When I think about all this stuff going on, I try to keep focused on the real problem, which is millions of people believing things that aren’t true.

It’s our education, and our culture, and our fundamental beliefs around globalism, racism, and identity that are causing these problems.

Trump is an avatar, and an instigator, but he’s not the problem.

The problem is millions of people being vulnerable to a horrible set of beliefs, and fighting against one set won’t immunize against the next one because the population is still just as vulnerable.

Not just traditional education, but on the dangers of racism, scapegoating, etc.

We need to immunize our populations against dangerous beliefs through education. It’s the only path.

Anything less is addressing symptoms rather than disease.


Published on January 18, 2021 16:46

January 17, 2021

Enthusiasm is Life


I’m becoming something of an audiophile. I know, that’s what I thought at first too.

The whole process has been fascinating to me, from the learning, to the gear, to the listening.

But what I’m finding most enjoyable about it, if I pay attention closely, is the fact that I’m engrossed in it. That I’m passionate about it.

That’s all we really want, isn’t it?

I wrote about this here and here.

The most depressed people I know are those who aren’t deeply interested in anything.

I owe a lot of my positivity to curiosity. The fact that so many things are fascinating to me makes the world an endless source of happiness.

So when I think of something like being an audiophile, I see it as a path to extreme enthusiasm. The bliss of chasing something, which you then enjoy. It’s the process of optimization, tweaking, adjusting, and then enjoying once again.

I get this vibe from many such activities. Cooking. Gardening. Woodworking. Painting. Making music.

The happiest people are those who are most excited by life.


Published on January 17, 2021 23:44

January 16, 2021

Banning Parler Was Like Banning Hate Speech or Pornography (See Common)


Many are very confused about what happened with Parler being pushed off the internet, and I think I can help.

Imagine that you’re a new virtual server provider and you have five scenarios:

1. You get a message saying one of your customers is hosting a joke forum that has within it some sexist jokes. Al Bundy stuff, basically, where it makes fun of women and wives and how much they annoy their husbands.

2. You get a message saying one of your customers is hosting a message forum frequented by lots of early-teen males with anger issues, and evidently there are a lot of low-scale racist and sexist comments, and some homophobia. None of it seems super violent or dangerous, but it’s definitely offensive.

3. You get a message saying one of your customers is hosting a forum where men share pornographic images, but it’s mostly softcore and high-art type stuff. Some virtual/art and some actual photography. But it seems pretty tame and respectful, at least for what it is.

4. You get a message saying one of your customers is hosting a forum for general pornography, but within the last 6 months it’s gotten increasingly explicit, and now there are multiple sections that keep popping up sharing borderline-age porn images.

5. You get a message saying one of your customers is hosting a forum for “freedom from groupthink”, and for years it was very civil and just presented viewpoints that were counter to the mainstream politically correct opinions. But it wasn’t really directly violent or aggressive. But suddenly, over the last 6 months, it became extremely popular and now there are tons of sub-groups there who are outright promoting terrorism, racist attacks, and all sorts of horrible behavior.

Now—in all three cases—imagine that the person contacting you is saying this material is unacceptable and that they’re going to discontinue doing business with you if you don’t stop hosting them.

What do you do?

And even better—what is your process for deciding what you should do?

I think one thing should be extremely clear: as the business owner of this server hosting company, it’s up to you to decide. If you only want to host Christian bakery forums, that’s your choice. And if you only want to host Metal bands looking for drummers, that’s your choice.

There’s lots of legitimate stuff on Pirate Bay, but that doesn’t stop hosting providers from wanting to avoid the bad part.

It’s your choice to decide who to take as a customer, and who to deny, and that’s exactly what AWS did when it kicked Parler off its platform.

They didn’t stop the thousands of other hosting providers from hosting them. All they can control is their own service. It’s up to their competitors if they want to do business with them now that AWS doesn’t. And that’s where Pirate Bay comes in.

Remember Pirate Bay? Remember how they repeatedly got caught hosting questionable content, and then subsequently kept getting kicked off of various hosting services? One after another made the individual choice not to take them on as a customer based on the content that they seem to allow on their service.

This is no different.

Parler did appear to start out as just an alternative place for conversation. But that was a long time ago. And as things started heating up the place evidently kept getting more and more extreme. And then it turned out to be used by a significant number of the people who attacked the Capitol.

Well, yeah. That’s likely to get you kicked off of a platform. That’s expected behavior. The service is now tainted with the labels of terrorism, violence, etc. I’m sure it’s not all like that, but it doesn’t matter. 90% of Parler could have been a bunch of LGBT Mormon Pacifist Boyscouts, but if the other 10% were a serious problem, and the moderators weren’t controlling it, that’s plenty of reason for a host to say, “No thanks.”

And by the way, you know Pirate Bay still exists, right?

They got banned a million times by a million hosts, and they still found a way. Why? Because they weren’t censored by Christianity or the US Government. They simply had a bunch of private companies decide they didn’t like their objectionable content.

That’s what this case is ultimately about. Objectionable content.

Again, go back up to the list of scenarios above. It’s one thing to kick someone off your platform for hosting bad jokes. It’s another to kick them off for being aggressively racist and sexist. And it’s another to kick them off because you can’t control the forums becoming a hotbed for insurrection against the government of the United States.

That’s radioactive shit. Like underage porn, or ISIS planning forums. We should not be surprised that once AWS dropped it, many other companies followed their lead.

That’s not evidence that the universe conspired against Parler. It’s evidence that the universe continues to work like normal, and that their content is simply considered objectionable.

Insurrection, terrorism, racism, anti-Semitism, pornography, drugs, weapons, etc.—these are all categories of content that will get you kicked off of a platform if you fail to moderate them.

So stop complaining that the left-wing media crushed your free speech. They didn’t, just as they didn’t crush Pirate Bay’s free speech. Or some hosting site for questionable porn.

You’re free to be a libertarian, or to be part of the IDW, or to be anti-leftist. You know there are thousands of creators all over the internet doing that, right? Millions of people, blogging, sharing video, hosting their own shows on YouTube, on television, or on talk radio. There is tons of conservative media out there. Tons.


I find it hilarious that I keep seeing all these conservative voices in the media complaining that conservative voices have been censored.

Ben Shapiro, David Rubin, Tucker Carlson, Rush Limbaugh—all thriving…

Turns out, hosting insurrectionist extremists is a pretty high bar.

— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler) January 17, 2021

Parler wasn’t taken offline for having conservative viewpoints. If that were the case, it would apply to millions of other outlets as well.

They were taken offline for hosting the domestic terrorism version of ISIS 8Chan. Maybe it only became that recently, but that’s not a defense. The content was more than enough reason for AWS to boot them, and it makes complete sense that others followed.

When the whole internet cancels Ben Shapiro and Tucker Carlson because they have right-leaning views then I’ll be fighting with you. But that’s not what happened. They’re still doing fine because they’re not encouraging attacks on our democracy.

This is not a mystery. Don’t make it one.


Published on January 16, 2021 20:31

January 12, 2021

Being an Avid Reader is Like Machine Learning


I often look back and wonder when my opinion changed about something.

My ideas on top-down vs. bottom-up approaches for nurturing ideas, for example. I know I read Loonshots, and I know I read The Evolution of Everything, and I think I read them pretty close together.

I credit/blame Tim Tyler for these wonderful diversions.

But I also read several other books orthogonally to those, both before and after. One book would lead to another—or maybe three or five more—and I read them all. A couple of times I felt like I had an epiphany, but in general I just had a feeling of, “Hmm, interesting.”

But then I slept. Every night after reading, I slept.

Are we doing something like backpropagation while we sleep?

There is a lot of research and common wisdom about us learning in our sleep. Everyone has a story about being stumped by something all day and all evening, going to bed, and waking up with the answer.

The details of how this happens are where the research is focused.

The general theory is that the brain somehow makes sense of our world, does cleanup, and works out problems while we are unconscious, and that reminds me of machine learning’s backpropagation in two ways.

1. It’s optimizing something based on what happened recently.

2. It’s really hard to track all the changes that were made.

So your ability to identify the “catness” of a furry animal might improve the more backprop you do, or you might start to understand the creative process better the more good books you read on related topics, but you’ll never be able to point at a magical threshold.


Because there wasn’t one. It was gradual, over time, as the result of consuming inputs and running this learning/adjustment process.

Reading is like Machine Learning because both lack attribution on how they got to where they are.

I hear Goodreads is closing its API soon, which I hope is only a rumor.

I think that’s fascinating, and it’s why I’m obsessed with tracking what I read. I’d love to be able to capture every book and talk I’ve ever consumed, and tag the crap out of it.

That way, if I suddenly notice my view changed on macroeconomics one day, I can look backwards at everything tagged with similar themes over the last several years.

Even then I wouldn’t be able to point and say, “That one!”, but I will likely be able to say something like,

That change probably came from this phase of discovery, from these 9 books and these 4 talks, spread out over 3.5 years.


That would be pretty cool.


Published on January 12, 2021 22:23

January 10, 2021

News & Analysis | No. 263

Happy New Year! I’m trying to get to 1,000 paid subscribers, and if you enjoy the newsletter please consider becoming a member for just $59.99 a year (less than $5/month). Subscribe Now



SECURITY NEWS



Many are worried about the integrity of congressional IT systems after a mob entered the Capitol building and roamed around without any security present. One concern is that there could have been a few sophisticated attackers mixed in with the group, and that they may have left hidden eavesdropping devices or installed malware. More



The FBI is warning private industry against the Egregor ransomware group, which they say is one of the groups that extracts data before they encrypt it so that it can be used in other types of attack. They also say there are multiple implementations of the “service”, which means the TTPs can differ widely. More



It appears Parler was hacked through an information disclosure issue which lead to the ability to create admin accounts, which ended up yielding full data extraction capabilities via the API. This has resulted in mass-downloading of Parler user data, including that of “Verified Citizen” accounts, which require that the person upload their actual driver’s license. So basically a massive doxing at this point. And it appears law enforcement has been using this data to create no-fly lists and to launch further investigations. More



Clearview—the facial recognition app used by law enforcement—has seen a surge in usage since the Capitol attack last week. More



There is speculation that JetBrains, a company founded by three Russians and which maintains a Russian presence, may have been part of the Solarwinds incident. The software is used in software development, and has been purchased by 79 of the Fortune 100, including Solarwinds. More

 

It appears Chinese APTs are starting to chase financial targets. It’s not clear if it’s a means or an end, but one example comes from Israeli security companies Profero and Security Joes. They found APT27 (Emissary Panda) going after five online gambling companies. Earlier in 2020, Trend Micro also found APT41 going after online gaming companies. More



The US government has banned Alipay and 7 other Chinese applications for use in the US. More



In the continuing discovery process of the scope of the Solarwinds hack damage, it appears countless sealed court documents were accessed as well, according to the Administrative Office of the US Courts. More



Jack Ma—the richest man in China—has gone missing after criticizing Chinese banks and having his Ant IPO stopped by the Chinese government. Nobody’s seen him in public for weeks. This is a really bad look for China, and it’s just going to tell more ambitious Chinese to get out as fast as they can, as well as telling other countries not to trust them. More



The US Space Force (still getting used to that) detected an Iranian missile attack against US forces in Iraq and alerted personnel before the missiles landed. Many were injured, but nobody died due to the early warning from the 2nd Space Warning Squadron. More



Vulnerabilities:




NVIDIA has shipped patches for multiple high-risk issues, with the highest being CVSS 8.4. More


Incidents:




Nissan had a significant source code leak due to using admin/admin as its GitHub credentials. The repo had over 20GB of data in it. More


TECHNOLOGY NEWS



OpenAI has released two new GPT-3 models that combine NLP with image recognition. One of them, called DALL-E, allows you to describe in natural language an image that you want it to create. Such as, “an avocado that looks like a chair”, and it’ll make some for you by itself. I often feel like OpenAI is our real-world Cyberdyne Systems. More Examples



CES is kicking off this week, and LG has some slick new transparent OLED stuff that looks really cool. The best demonstration I saw of it was a subway window that has data on it but that you can also still see through. The restaurant ordering use case was pretty cool too. But I’m all about the 8K 88″ OLED. Video



Bitcoin has crossed $40,000 less than three weeks after crossing $20,000. Not sure if this is tech news or human news, honestly. People are very worried it’s another bubble, but I think the ‘money sheltering for the rich’ angle changes things slightly. Maybe. More



Some documents out of China hint that Tesla may be looking to produce a new car for $25,000 to $30,000 as early as 2022. If this is true, and they were actually able to build them at scale, this would be more trouble for traditional carmakers, and for people who short-sold Tesla stock. More



HUMAN NEWS



It appears identical twins can differ genetically very early on in their development, and that later differences in the twins can be caused by genetics as well as environment. More



I’m not a Jeopardy fan, but I’ve seen my portion of episodes. For some reason 2020 has made this tribute video to Alex Trebek hit a lot harder. I guess because he represented part of America. Video



Elon Musk has passed Jeff Bezos to become the richest person in the world on the skyrocketing price of Tesla stock. More



A new study published in Science indicates that resistance to COVID from a previous case or vaccination might last longer than feared—even up to years. More



We have new images of Mars’ Valles Marineris, the biggest canyon system in the solar system. It’s 10 times longer than the Grand Canyon, and three times as deep. More



Denmark is offering homeowners 20-year loans at zero fixed interest. More



IDEAS & ANALYSIS



The Line Between Choosing Your Own Customers and Censorship — Was it censorship for AWS to drop Parler, or is it their right as a private company to pick who they work with? More



On Unionizing Against Tech Companies — When is it ok to push back against your company’s mission, and when should you just leave? More



MY UPDATES



I just started a new book called, The City We Became, by N.K. Jemisin. It’s like no other book I’ve ever read. And Rothfuss, the author of Name of the Wind, says this is the future of fantasy. I can see why. More



DISCOVERY



Notes On Writing Well More



Aaron Swartz on how to be more productive. More



What I’ve Learned in 45 Years in the Software Industry More



How to Find the Perfect Music and Podcasts, Faster. More



15.ai — Create character voices with definable characteristics, using AI. More



Schwarzenegger’s comments on last week’s events were fantastic. Video



[ Free Book ] Algorithms For Making Decisions PDF



[ Free Course ] Machine Learning for Security Professionals More



Don’t dox yourself when tweeting about data breaches. More



Wired’s list of highly-hyped TV shows for 2021. More



RECOMMENDATIONS



When you think about probabilities in an uncertain situation, consider using the Probability Yardstick, which is used by NSA and multiple UK intelligence and law enforcement groups. It associates common phrases like, “remote chance”, or “realistic probability” into actual percentages so that analysts and decision-makers can have a shared language. More



APHORISMS



“We are more often frightened than hurt; and we suffer more in imagination than in reality.”



~ Seneca







Published on January 10, 2021 23:39

The Line Between Choosing Your Own Customers and Censorship




I tweeted something today about AWS kicking Parler off its platform this week, and it turned into a whole thing.





AWS banning Parler from their platform is not censorship because there are countless other providers that will host them.

Individual providers are not required to host anyone. It’s their choice who to take on as a customer.

They are not the government.

— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler) January 10, 2021



Rob is a buddy of mine, and we ended up texting about the issue later in the thread as well.



You can read the whole thread above, but Rob was basically arguing that any influence—private or government—to limit speech is censorship. Which I just don’t agree with.



Maybe it can sometimes be desired censorship, or attempted censorship, but true censorship requires both authority and impact, as I would argue we can see from Oxford’s definition here.




A definition dance-off



If you can easily take your ball and go somewhere else you’re not being censored. For example, it’s not censorship for a small, private art gallery to decide not to show your piece in their upcoming event.



Why not?



Because there are other art galleries. And it’s not like the gallery is run by the government and they called every other art outfit in the country and told them not to carry you. If that were the case, it would be censorship.



Book publishers are another example. Are they required to publish everything that gets submitted? Or do they get to choose?



Publishers choose all the time not to publish someone because they don’t agree with their stance. That doesn’t make them censors because they’re one of many.



So AWS saying no is not really a big deal unless they represent some sort of authority that controls others. Traditionally that has meant government or religion, which is where this all comes from.



In short, censorship requires centralized, large-scale impact to someone’s ability to get their message out. In the old days that meant libraries, radio stations, MTV, etc., which were being influenced by a government or Christianity to not carry something.



AWS not hosting someone when they can go many other places to get the same service—which users don’t even see anyway—doesn’t apply.



And before anyone asks, yes, I do see a potential risk of a slippery slope where a denylist is set up and we start seeing bans across multiple platforms for any view that deviates from the current in-crowd narrative.



But there’s the small matter of that Parler-shaped slippery slope storming the Capitol building this week.



In other words, I have a sneaking suspicion that all this activity is related to an extremely recent kinetic attack on our democracy rather than some amorphous and impending slippery slope from the left.



Sure, we should remain vigilant against that, but let’s start by keeping control of our government buildings.




Published on January 10, 2021 16:21

January 5, 2021

On Unionizing Against Tech Companies




Over the last few years I’ve seen two very different complaints against tech companies.



Google is the most recent example.




Workers Being Treated Poorly: I’m 100% in support of unionizing for this reason. Treating contractors like garbage, racism, sexism, other types of discrimination, poor working conditions, etc. These are all the types of issues that lead to the creation of unions in the first place, so…absolutely. I’m with you.
Unhappiness With What the Company Is Working On: This one makes no sense. Most people weren’t hired to pick what the company works on. And even if you were, you still need the rank to act autonomously or the gravitas to convince others to support you. Being a coder, a PM, or some random manager doesn’t give you those abilities.


The operative issue here is compulsion.



This second situation reminds me of the free speech discussion, where the right-wing types claim censorship because they can’t spread drivel on Twitter without being banned. It’s not censorship because it’s not the government, and it’s the same with complaining about company mission.



Your right to complain scales with your compulsion to participate.



You can’t complain about the work a company is doing when it’s your choice to work there. That’s like walking into a shop that only sells hotdogs and filing a complaint that they don’t have hamburgers.



Not only do they not have to sell hamburgers, but they can be called “Only Hotdogs” and then suddenly one day decide to stop selling hotdogs and only sell Shawarma instead. That’s their choice, because it’s their business.



I wouldn’t be surprised, actually.



What are you going to do? Sue?



If you don’t like what a store sells—and yet you insist on staying there and complaining (loudly) about their inventory—you have some kind of disorder that’s probably hard to pronounce.



If you choose to work at Facebook, or Palantir, or the NSO Group—in the year 2021—you know damn well what they do. You’re not stupid, because if you were you wouldn’t have a job there.



You work there because they pay you a lot of money.



So don’t try to rub Activist Aloe on your bruised conscience by starting a club that complains about the work. That work pays your bills, and you are free to leave any time you want.



This is no different than the hotdog shop.



Walk away or shut the fuck up.



Notes


There is a third case where someone might be genuinely concerned about privacy, or the environment, or whatever issue that said company could be violating, and so they want to oppose that company. No problem. But don’t take a job there, enjoy the free snacks, brag about the job to all your friends, and then one day decide from within that you’re a warrior for good causes. If you have genuinely learned something new about the company, and no longer want to support it, quit. And if you feel strongly enough to oppose them, do it from the outside. This crap about “it’s easier to change it from the inside” is usually what people with no power to actually make that change say when they don’t want to give up the paycheck.



Published on January 05, 2021 20:16

Daniel Miessler's Blog

Daniel Miessler
Daniel Miessler isn't a Goodreads Author (yet), but they do have a blog, so here are some recent posts imported from their feed.